cve-2022-1415
Vulnerability from cvelistv5
Published
2023-09-11 20:20
Modified
2024-09-25 19:54
Summary
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2022:6813 | Vendor Advisory
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-1415 | Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2065505 | Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2022:6813 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-1415 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2065505 | Issue Tracking, Vendor Advisory
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Red Hat | RHPAM 7.13.1 async | | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
suse-su-2023:0345-1
Vulnerability from csaf_suse
Published
2023-02-10 14:06
Modified
2023-02-10 14:06
Summary
Security update for SUSE Manager Server 4.3
Notes
Title of the patch
Security update for SUSE Manager Server 4.3
Description of the patch
This update fixes the following issues:
cobbler:
- Improve Cobbler performance with item cache and threadpool (bsc#1205489)
- Skip collections that are inconsistent instead of crashing (bsc#1205749)
- Add new 'cobbler-tests-containers' subpackage which contains setup and
configuration files to run Cobbler tests in containers.
- Add missing code for previous patch file around boot_loaders migration.
- Avoid possible override of existing values during migration
of collections to 3.0.0 (bsc#1206160)
- Fix regression: allow empty string as interface_type value (bsc#1203478)
- Fix failing Cobbler tests after upgrading to 3.3.3.
drools:
- CVE-2022-1415: Deserialization of Untrusted Data: unsafe data deserialization
in DroolsStreamUtils.java (bsc#1204879)
grafana-formula:
- Version 0.8.0
* Set dashboard names depending on project
* Update dashboards to use new JSON schema
* Fix PostgreSQL dashboard queries
* Migrate deprecated panels to their current replacements
image-sync-formula:
- Update to version 0.1.1673279145.e7616bd
* Add form entry for use latest boot image pillar value (bsc#1206055)
inter-server-sync:
- Version 0.2.6
* Export package extra tags for complete debian repo metadata (bsc#1206375)
* Replace URLs in OS Images pillars when exporting and importing images
mgr-osad:
- Version 4.3.7-1
* Updated logrotate configuration (bsc#1206470)
mgr-push:
- Version 4.3.5-1
* Update translation strings
rhnlib:
- Version 4.3.5-1
* Don't get stuck at the end of SSL transfers (bsc#1204032)
saltboot-formula:
- Update to version 0.1.1673279145.e7616bd
* Add failsafe stop file when salt-minion does not stop (bsc#1172110)
* Add use case of saltboot group formula outside containerized env
(bsc#1206186)
* Add 'kernel_action' to saltboot form (bsc#1206055)
spacecmd:
- Version 4.3.18-1
* Add python-dateutil dependency, required to process date values in
spacecmd api calls
- Version 4.3.17-1
* Remove python3-simplejson dependency
* Correctly understand 'ssm' keyword on scap scheduling
* Add vendor_advisory information to errata_details call (bsc#1205207)
* Added two missing options to schedule product migration: allow-vendor-change
and remove-products-without-successor (bsc#1204126)
* Changed schedule product migration to use the correct API method
* Change default port of 'Containerized Proxy configuration' 8022
spacewalk-backend:
- Version 4.3.18-1
* Add 'octet-stream' to accepted content-types for reposync mirrorlists
* Exclude invalid mirror urls for reposync (bsc#1203826)
* Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)
* Updated logrotate configuration (bsc#1206470)
* Add rhel_9 as Salt-enabled kickstart installation
* do not fetch mirrorlist when a file url is given
spacewalk-certs-tools:
- Version 4.3.17-1
* Backport SLE Micro bootstrap fixes
spacewalk-client-tools:
- Version 4.3.14-1
* Update translation strings
spacewalk-java:
- Version 4.3.46-1
* action chains: recognize transactional_update.reboot as a reboot action
- Version 4.3.45-1
* Improve logs when sls action chain file is missing
- Version 4.3.44-1
* Add reboot needed indicator to systems list
* Fix transaction commit behavior for Spark routes
* Fix modular channel check during system update via XMLRPC (bsc#1206613)
* Fix CVE Audit ignoring errata in parent channels if patch in successor
product exists (bsc#1206168)
* Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)
* Improve automatic dependency selection for vendor clones
* Optimize the number of salt calls on minion startup (bsc#1203532)
* Fix name for autoinstall snippets after Cobbler 3.3.3
* prevent ISE on activation key page when selected base channel value is null
* Trigger a package profile update when a new live-patch is installed (bsc#1206249)
* Fix HTTP API login status code when using wrong credentials (bsc#1206666)
* Configure the reboot action for transactional systems appropriately
* Fix link to documentation in monitoring page
* Fix server error in product migration outside maintenance window (bsc#1206276)
* Updated logrotate configuration (bsc#1206470)
* Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)
* Source Select2 and jQuery UI from susemanager-frontend-libs
* Don't use hash in apidoc links
* Limit changelog data in generated metadata to 20 entries
* Fix internal server error when transferring system between organizations
* Fix products controller to keep loading mandatory channels even when there are
broken channels (bsc#1204270)
* Move web dependencies from susemanager-frontend-libs to
spacewalk-web
* Fix server error while bootstrapping SSH-managed Red Hat-like minion (bsc#1205890)
* send notifications also as email if email notifications are enabled
* Add subscription warning notification to overview page
* Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979)
* Add vendor_advisory to errata.getDetails (bsc#1205207)
* Fix ClassCastException
* disable cloned vendor channel auto selection by default (bsc#1204186)
* Add SUSE Liberty Linux support for RHEL9 based clients
* Removed contents of certificates from the web UI logs (bsc#1204715)
* Fix kickstart for RHEL 9 to not add install command
* Remove RHEL kickstart types below 6
* Don't persist the YAML parser in FormulaFactory (bsc#1205754)
* format results for package, errata and image build actions in
system history similar to state apply results
* check for NULL in DEB package install size value
* adapt permissions of temporary ssh key directory
* Fixed traditional stack warning message to be displayed only when the system
has enterprise entitlement (bsc#1205350)
* Remove invalid errata selection after patch installation (bsc#1204235)
* Ignore insert conflicts during reporting database update (bsc#1202150)
* Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)
* Run only minion actions that are in the pending status (bsc#1205012)
* Allow usage of one FQDN to deploy containerized proxy in VM (#19586)
* Migrate formulas with default values to database (bsc#1204932)
spacewalk-search:
- Version 4.3.8-1
* Updated logrotate configuration (bsc#1206470)
* fix logging configuration of the search daemon (bsc#1206336)
spacewalk-utils:
- Version 4.3.16-1
* spacewalk-hostname-rename changes also report db host (bsc#1200801)
* Add Uyuni SLE-Micro Client Tools repositories
spacewalk-web:
- Version 4.3.27-1
* Add reboot needed indicator to systems list
* Fix salt keys page keeps loading when no key exists (bsc#1206799)
* Fix link to documentation in monitoring page
* Source Select2 and jQuery UI from susemanager-frontend-libs
* fix frontend logging in react pages
* Move web dependencies from susemanager-frontend-libs to
spacewalk-web
supportutils-plugin-susemanager:
- Version 4.3.6-1
* update susemanager plugin to export the number of pending salt events
susemanager:
- Version 4.3.23-1
* fix bootstrap repo definition for SUSE Liberty Linux 9 and RHEL9
(bsc#1207136)
- Version 4.3.22-1
* fix tools channel detection on Uyuni
susemanager-build-keys:
- Version 15.4.7:
* add SUSE Liberty v2 key
susemanager-docs_en:
- Removed SUSE Linux Enterprise MicroOS technical preview admonitions
from the Client Configuration Guide
- Action chains now supported for SUSE Linux Enterprise MicroOS.
Product Migration listed as unsupported for now for SUSE Linux
Enterprise MicroOS
- Remove SUSE Linux Enterprise Micro requirement to preinstall
salt-transactional package
- Organized navigation bar in the Installation and Upgrade
Guide
- Fixed SUSE Linux Enterprise Micro channel names in the Client
Configuration Guide
- Added SUSE Liberty Linux 9 clients as supported and now use the
SUSE Liberty Linux name more consistently
- Containerized proxy now allows usage of single FQDN. Documented in
the Installation and Upgrade Guide
- Added information about GPG key usage in the Debian section of
the Client Configuration Guide
- Clarified monitoring components support matrix in the
Client Configuration Guide
- Added information on using Hub when managing greater than 10K
clients to the Hardware Requirements in the Installation and
Upgrade Guide
- Improved Grafana configuration instructions in the Administration
Guide
- Limit the changelog data in generated metadata in Administration
Guide. The default number of entries is now 20 and it is consistent
with the number of entries from SUSE Linux Enterprise
- Warning to emphasize about storage requirements before migration
in the Installation and Upgrade Guide
susemanager-schema:
- Version 4.3.16-1
* Remove legacy cluster_admin user group
* add subscription warning info pane
* Remove data related to RHEL below 6
* Increase cron_expr varchar length to 120 in suseRecurringAction
table (bsc#1205040)
susemanager-sls:
- Version 4.3.29-1
* Improve _mgractionchains.conf logs
* Prevent possible errors from 'mgractionschains' module when there is no action chain to resume
- Version 4.3.28-1
* Move transactional_update.conf to correct location
- Version 4.3.27-1
* Do not include pillar_only formulas in highstate
* Optimize the number of salt calls on minion startup (bsc#1203532)
* install SUSE Liberty v2 GPG key
* Bootstrap state now writes salt config in correct overlay on SLE Micro (bsc#1206294)
* Fix reboot info beacon installation
* Add state to properly configure the reboot action for transactional systems
* Updated logrotate configuration (bsc#1206470)
* Fix server error while bootstrapping SSH-managed Red Hat-like minion (bsc#1205890)
* Avoid installing recommended packages from assigned products (bsc#1204330)
with suma_minion salt pillar extension module (bsc#1205255)
susemanager-sync-data:
- Version 4.3.12-1
* change OES 2023 URL to https and make the tools channels mandatory
(bsc#1205644)
* remove version from product names as they are held separate
susemanager-tftpsync:
- Version 4.3.3-1
* Introduce threadpool for tftpsync to increase performance
while syncing files to proxies (bsc#1205489)
uyuni-common-libs:
- Version 4.3.7-1
* unify user notification code on java side
uyuni-setup-reportdb:
- Version 4.3.6-1
* Fix password generation in uyuni-setup-reportdb (bsc#1205919)
virtual-host-gatherer:
- Version 1.0.24-1
* Report total memory of a libvirt hypervisor
* Improve interoperability with other Python projects
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
`spacewalk-service start`
Patchnames
SUSE-2023-345,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-345
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
name: "spacewalk-proxy-common-4.3.14-150400.3.11.4.noarch", product_id: "spacewalk-proxy-common-4.3.14-150400.3.11.4.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-management-4.3.14-150400.3.11.4.noarch", product: { name: "spacewalk-proxy-management-4.3.14-150400.3.11.4.noarch", product_id: "spacewalk-proxy-management-4.3.14-150400.3.11.4.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-package-manager-4.3.14-150400.3.11.4.noarch", product: { name: "spacewalk-proxy-package-manager-4.3.14-150400.3.11.4.noarch", product_id: "spacewalk-proxy-package-manager-4.3.14-150400.3.11.4.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-redirect-4.3.14-150400.3.11.4.noarch", product: { name: "spacewalk-proxy-redirect-4.3.14-150400.3.11.4.noarch", product_id: "spacewalk-proxy-redirect-4.3.14-150400.3.11.4.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-salt-4.3.14-150400.3.11.4.noarch", product: { name: "spacewalk-proxy-salt-4.3.14-150400.3.11.4.noarch", product_id: "spacewalk-proxy-salt-4.3.14-150400.3.11.4.noarch", }, }, { category: "product_version", name: "spacewalk-search-4.3.8-150400.3.9.3.noarch", product: { name: "spacewalk-search-4.3.8-150400.3.9.3.noarch", product_id: "spacewalk-search-4.3.8-150400.3.9.3.noarch", }, }, { category: "product_version", name: "spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", product: { name: "spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", product_id: "spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", }, }, { category: "product_version", name: "spacewalk-utils-4.3.16-150400.3.12.3.noarch", product: { name: "spacewalk-utils-4.3.16-150400.3.12.3.noarch", product_id: "spacewalk-utils-4.3.16-150400.3.12.3.noarch", }, }, { category: "product_version", name: "spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", product: { name: "spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", product_id: "spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", }, }, { 
category: "product_version", name: "supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", product: { name: "supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", product_id: "supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", }, }, { category: "product_version", name: "susemanager-build-keys-15.4.7-150400.3.12.3.noarch", product: { name: "susemanager-build-keys-15.4.7-150400.3.12.3.noarch", product_id: "susemanager-build-keys-15.4.7-150400.3.12.3.noarch", }, }, { category: "product_version", name: "susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", product: { name: "susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", product_id: "susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-4.3-150400.9.19.1.noarch", product: { name: "susemanager-docs_en-4.3-150400.9.19.1.noarch", product_id: "susemanager-docs_en-4.3-150400.9.19.1.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", product: { name: "susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", product_id: "susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", }, }, { category: "product_version", name: "susemanager-schema-4.3.16-150400.3.12.4.noarch", product: { name: "susemanager-schema-4.3.16-150400.3.12.4.noarch", product_id: "susemanager-schema-4.3.16-150400.3.12.4.noarch", }, }, { category: "product_version", name: "susemanager-schema-sanity-4.3.16-150400.3.12.4.noarch", product: { name: "susemanager-schema-sanity-4.3.16-150400.3.12.4.noarch", product_id: "susemanager-schema-sanity-4.3.16-150400.3.12.4.noarch", }, }, { category: "product_version", name: "susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", product: { name: "susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", product_id: "susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", }, }, { category: "product_version", name: "susemanager-sls-4.3.29-150400.3.16.1.noarch", product: { name: 
"susemanager-sls-4.3.29-150400.3.16.1.noarch", product_id: "susemanager-sls-4.3.29-150400.3.16.1.noarch", }, }, { category: "product_version", name: "susemanager-sync-data-4.3.12-150400.3.11.3.noarch", product: { name: "susemanager-sync-data-4.3.12-150400.3.11.3.noarch", product_id: "susemanager-sync-data-4.3.12-150400.3.11.3.noarch", }, }, { category: "product_version", name: "susemanager-tftpsync-recv-4.3.8-150400.3.6.4.noarch", product: { name: "susemanager-tftpsync-recv-4.3.8-150400.3.6.4.noarch", product_id: "susemanager-tftpsync-recv-4.3.8-150400.3.6.4.noarch", }, }, { category: "product_version", name: "uyuni-config-modules-4.3.29-150400.3.16.1.noarch", product: { name: "uyuni-config-modules-4.3.29-150400.3.16.1.noarch", product_id: "uyuni-config-modules-4.3.29-150400.3.16.1.noarch", }, }, { category: "product_version", name: "uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", product: { name: "uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", product_id: "uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", product: { name: "virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", product_id: "virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", product: { name: "virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", product_id: "virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-Libvirt-1.0.24-150400.3.6.3.noarch", product: { name: "virtual-host-gatherer-Libvirt-1.0.24-150400.3.6.3.noarch", product_id: "virtual-host-gatherer-Libvirt-1.0.24-150400.3.6.3.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", product: { name: "virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", product_id: 
"virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", product: { name: "virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", product_id: "virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", product: { name: "virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", product_id: "virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.6-150400.3.12.3.ppc64le", product: { name: "inter-server-sync-0.2.6-150400.3.12.3.ppc64le", product_id: "inter-server-sync-0.2.6-150400.3.12.3.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", product: { name: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", product_id: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", product: { name: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", product_id: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", }, }, { category: "product_version", name: "susemanager-4.3.23-150400.3.16.3.ppc64le", product: { name: "susemanager-4.3.23-150400.3.16.3.ppc64le", product_id: "susemanager-4.3.23-150400.3.16.3.ppc64le", }, }, { category: "product_version", name: "susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", product: { name: "susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", product_id: "susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", }, }, { category: "product_version", name: "susemanager-tools-4.3.23-150400.3.16.3.ppc64le", product: { name: "susemanager-tools-4.3.23-150400.3.16.3.ppc64le", product_id: "susemanager-tools-4.3.23-150400.3.16.3.ppc64le", }, }, ], category: 
"architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.6-150400.3.12.3.s390x", product: { name: "inter-server-sync-0.2.6-150400.3.12.3.s390x", product_id: "inter-server-sync-0.2.6-150400.3.12.3.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", product: { name: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", product_id: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", product: { name: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", product_id: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", }, }, { category: "product_version", name: "susemanager-4.3.23-150400.3.16.3.s390x", product: { name: "susemanager-4.3.23-150400.3.16.3.s390x", product_id: "susemanager-4.3.23-150400.3.16.3.s390x", }, }, { category: "product_version", name: "susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", product: { name: "susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", product_id: "susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", }, }, { category: "product_version", name: "susemanager-tools-4.3.23-150400.3.16.3.s390x", product: { name: "susemanager-tools-4.3.23-150400.3.16.3.s390x", product_id: "susemanager-tools-4.3.23-150400.3.16.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.6-150400.3.12.3.x86_64", product: { name: "inter-server-sync-0.2.6-150400.3.12.3.x86_64", product_id: "inter-server-sync-0.2.6-150400.3.12.3.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", product: { name: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", product_id: "python2-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", product: { name: 
"python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", product_id: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", }, }, { category: "product_version", name: "susemanager-4.3.23-150400.3.16.3.x86_64", product: { name: "susemanager-4.3.23-150400.3.16.3.x86_64", product_id: "susemanager-4.3.23-150400.3.16.3.x86_64", }, }, { category: "product_version", name: "susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", product: { name: "susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", product_id: "susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", }, }, { category: "product_version", name: "susemanager-tools-4.3.23-150400.3.16.3.x86_64", product: { name: "susemanager-tools-4.3.23-150400.3.16.3.x86_64", product_id: "susemanager-tools-4.3.23-150400.3.16.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Server Module 4.3", product: { name: "SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-server:4.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "cobbler-3.3.3-150400.5.17.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.17.3.noarch", }, product_reference: "cobbler-3.3.3-150400.5.17.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "drools-7.17.0-150400.3.9.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.9.3.noarch", }, product_reference: "drools-7.17.0-150400.3.9.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"grafana-formula-0.8.0-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:grafana-formula-0.8.0-150400.3.6.3.noarch", }, product_reference: "grafana-formula-0.8.0-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3.noarch", }, product_reference: "image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.6-150400.3.12.3.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.ppc64le", }, product_reference: "inter-server-sync-0.2.6-150400.3.12.3.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.6-150400.3.12.3.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.s390x", }, product_reference: "inter-server-sync-0.2.6-150400.3.12.3.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.6-150400.3.12.3.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.x86_64", }, product_reference: "inter-server-sync-0.2.6-150400.3.12.3.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", }, product_reference: "mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "mgr-push-4.3.5-150400.3.3.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:mgr-push-4.3.5-150400.3.3.5.noarch", }, product_reference: "mgr-push-4.3.5-150400.3.3.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-common-4.3.7-150400.3.3.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-mgr-osa-common-4.3.7-150400.3.3.4.noarch", }, product_reference: "python3-mgr-osa-common-4.3.7-150400.3.3.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", }, product_reference: "python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-push-4.3.5-150400.3.3.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-mgr-push-4.3.5-150400.3.3.5.noarch", }, product_reference: "python3-mgr-push-4.3.5-150400.3.3.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-rhnlib-4.3.5-150400.3.3.3.noarch as component of SUSE 
Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-rhnlib-4.3.5-150400.3.3.3.noarch", }, product_reference: "python3-rhnlib-4.3.5-150400.3.3.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", }, product_reference: "python3-spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.3.14-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", }, product_reference: "python3-spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", }, product_reference: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", }, product_reference: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", }, product_reference: "python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3.noarch", }, product_reference: "saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.3.18-150400.3.12.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacecmd-4.3.18-150400.3.12.3.noarch", }, product_reference: "spacecmd-4.3.18-150400.3.12.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-app-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-app-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"spacewalk-backend-applet-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-applet-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-config-files-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-common-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-config-files-common-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.18-150400.3.12.5.noarch", }, product_reference: 
"spacewalk-backend-iss-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-export-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-iss-export-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-package-push-server-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-package-push-server-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-server-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-server-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-sql-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE 
Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-tools-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-tools-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5.noarch", }, product_reference: "spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-4.3.27-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-base-4.3.27-150400.3.12.5.noarch", }, product_reference: "spacewalk-base-4.3.27-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.3.27-150400.3.12.5.noarch as 
component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.27-150400.3.12.5.noarch", }, product_reference: "spacewalk-base-minimal-4.3.27-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.3.27-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.27-150400.3.12.5.noarch", }, product_reference: "spacewalk-base-minimal-config-4.3.27-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", }, product_reference: "spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.3.14-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", }, product_reference: "spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-html-4.3.27-150400.3.12.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-html-4.3.27-150400.3.12.5.noarch", }, product_reference: "spacewalk-html-4.3.27-150400.3.12.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"spacewalk-java-4.3.46-150400.3.28.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-4.3.46-150400.3.28.1.noarch", }, product_reference: "spacewalk-java-4.3.46-150400.3.28.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-config-4.3.46-150400.3.28.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.46-150400.3.28.1.noarch", }, product_reference: "spacewalk-java-config-4.3.46-150400.3.28.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-lib-4.3.46-150400.3.28.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.46-150400.3.28.1.noarch", }, product_reference: "spacewalk-java-lib-4.3.46-150400.3.28.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-postgresql-4.3.46-150400.3.28.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.46-150400.3.28.1.noarch", }, product_reference: "spacewalk-java-postgresql-4.3.46-150400.3.28.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-search-4.3.8-150400.3.9.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-search-4.3.8-150400.3.9.3.noarch", }, product_reference: "spacewalk-search-4.3.8-150400.3.9.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", }, product_reference: "spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-utils-4.3.16-150400.3.12.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.16-150400.3.12.3.noarch", }, product_reference: "spacewalk-utils-4.3.16-150400.3.12.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", }, product_reference: "spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", }, product_reference: "supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.3.23-150400.3.16.3.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.ppc64le", }, product_reference: "susemanager-4.3.23-150400.3.16.3.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"susemanager-4.3.23-150400.3.16.3.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.s390x", }, product_reference: "susemanager-4.3.23-150400.3.16.3.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.3.23-150400.3.16.3.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.x86_64", }, product_reference: "susemanager-4.3.23-150400.3.16.3.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-15.4.7-150400.3.12.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.7-150400.3.12.3.noarch", }, product_reference: "susemanager-build-keys-15.4.7-150400.3.12.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", }, product_reference: "susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-4.3-150400.9.19.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.19.1.noarch", }, product_reference: "susemanager-docs_en-4.3-150400.9.19.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch as 
component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", }, product_reference: "susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-schema-4.3.16-150400.3.12.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-schema-4.3.16-150400.3.12.4.noarch", }, product_reference: "susemanager-schema-4.3.16-150400.3.12.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-schema-utility-4.3.16-150400.3.12.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", }, product_reference: "susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-sls-4.3.29-150400.3.16.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-sls-4.3.29-150400.3.16.1.noarch", }, product_reference: "susemanager-sls-4.3.29-150400.3.16.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-sync-data-4.3.12-150400.3.11.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.12-150400.3.11.3.noarch", }, product_reference: "susemanager-sync-data-4.3.12-150400.3.11.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le as component 
of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", }, product_reference: "susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-4.3.3-150400.3.6.5.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", }, product_reference: "susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", }, product_reference: "susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.3.23-150400.3.16.3.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.ppc64le", }, product_reference: "susemanager-tools-4.3.23-150400.3.16.3.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.3.23-150400.3.16.3.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.s390x", }, product_reference: "susemanager-tools-4.3.23-150400.3.16.3.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.3.23-150400.3.16.3.x86_64 as component of SUSE Manager Server Module 4.3", product_id: 
"SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.x86_64", }, product_reference: "susemanager-tools-4.3.23-150400.3.16.3.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "uyuni-config-modules-4.3.29-150400.3.16.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.29-150400.3.16.1.noarch", }, product_reference: "uyuni-config-modules-4.3.29-150400.3.16.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", }, product_reference: "uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-1.0.24-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", }, product_reference: "virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", }, product_reference: "virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch as component of SUSE Manager Server 
Module 4.3", product_id: "SUSE Manager Server Module 4.3:virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", }, product_reference: "virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", }, product_reference: "virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", }, product_reference: "virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1415", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1415", }, ], notes: [ { category: "general", text: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. 
This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.17.3.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:grafana-formula-0.8.0-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.x86_64", "SUSE Manager Server Module 4.3:mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:mgr-push-4.3.5-150400.3.3.5.noarch", "SUSE Manager Server Module 4.3:python3-mgr-osa-common-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:python3-mgr-push-4.3.5-150400.3.3.5.noarch", "SUSE Manager Server Module 4.3:python3-rhnlib-4.3.5-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.18-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 
4.3:spacewalk-backend-app-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.46-150400.3.28.1.noarch", "SUSE Manager 
Server Module 4.3:spacewalk-java-postgresql-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.8-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.16-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.7-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.19.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.16-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.29-150400.3.16.1.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.12-150400.3.11.3.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.29-150400.3.16.1.noarch", "SUSE Manager Server Module 
4.3:uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-1415", url: "https://www.suse.com/security/cve/CVE-2022-1415", }, { category: "external", summary: "SUSE Bug 1204879 for CVE-2022-1415", url: "https://bugzilla.suse.com/1204879", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.17.3.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:grafana-formula-0.8.0-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.x86_64", "SUSE Manager Server Module 4.3:mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:mgr-push-4.3.5-150400.3.3.5.noarch", "SUSE Manager Server Module 4.3:python3-mgr-osa-common-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:python3-mgr-push-4.3.5-150400.3.3.5.noarch", "SUSE Manager Server Module 4.3:python3-rhnlib-4.3.5-150400.3.3.3.noarch", "SUSE Manager Server Module 
4.3:python3-spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.18-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 
4.3:spacewalk-base-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.8-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.16-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.7-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.19.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.16-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", "SUSE Manager Server Module 
4.3:susemanager-sls-4.3.29-150400.3.16.1.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.12-150400.3.11.3.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.29-150400.3.16.1.noarch", "SUSE Manager Server Module 4.3:uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.17.3.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:grafana-formula-0.8.0-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1673279145.e7616bd-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.6-150400.3.12.3.x86_64", "SUSE Manager Server Module 
4.3:mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:mgr-push-4.3.5-150400.3.3.5.noarch", "SUSE Manager Server Module 4.3:python3-mgr-osa-common-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:python3-mgr-osa-dispatcher-4.3.7-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:python3-mgr-push-4.3.5-150400.3.3.5.noarch", "SUSE Manager Server Module 4.3:python3-rhnlib-4.3.5-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.7-150400.3.9.4.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1673279145.e7616bd-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.18-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 
4.3:spacewalk-backend-sql-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.18-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.17-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.14-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.27-150400.3.12.5.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.8-150400.3.9.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.46-150400.3.28.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.16-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.16-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:supportutils-plugin-susemanager-4.3.6-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.23-150400.3.16.3.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.7-150400.3.12.3.noarch", "SUSE Manager Server Module 
4.3:susemanager-build-keys-web-15.4.7-150400.3.12.3.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.19.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.19.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.16-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.16-150400.3.12.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.29-150400.3.16.1.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.12-150400.3.11.3.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.3-150400.3.6.5.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.23-150400.3.16.3.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.29-150400.3.16.1.noarch", "SUSE Manager Server Module 4.3:uyuni-setup-reportdb-4.3.6-150400.3.3.4.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-Kubernetes-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-Nutanix-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-VMware-1.0.24-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:virtual-host-gatherer-libcloud-1.0.24-150400.3.6.3.noarch", ], }, ], threats: [ { category: "impact", date: "2023-02-10T14:06:32Z", details: "moderate", }, ], title: "CVE-2022-1415", }, ], }
suse-su-2023:0592-1
Vulnerability from csaf_suse
Published
2023-03-02 08:32
Modified
2023-03-02 08:32
Summary
Security update for SUSE Manager Server 4.2
Notes
Title of the patch
Security update for SUSE Manager Server 4.2
Description of the patch
This update fixes the following issues:
cobbler:
- Fix improper authorization (bsc#1197027, CVE-2022-0860)
- Prevent error when starting up logrotate.service (bsc#1188191)
drools:
- Deserialization of Untrusted Data: unsafe data deserialization in DroolsStreamUtils.java (bsc#1204879, CVE-2022-1415)
grafana-formula:
- Version 0.8.1
* Fix Uyuni/SUMA dashboard names
- Version 0.8.0
* Set dashboard names depending on project
* Update dashboards to use new JSON schema
* Fix PostgreSQL dashboard queries
* Migrate deprecated panels to their current replacements
- Version 0.7.1
* Fix default password field description (bsc#1203698)
* Do not require default admin and password fields
inter-server-sync:
- Version 0.2.7
* Do not update pillars table if it does not exist like in 4.2
- Version 0.2.6
* Export package extra tags for complete Debian repo metadata (bsc#1206375)
* Replace URLs in OS Images pillars when exporting and importing images
- Version 0.2.5
* Correct error when importing without debug log level (bsc#1204699)
mgr-osad:
- Version 4.2.9-1
* Updated logrotate configuration (bsc#1206470)
prometheus-formula:
- Version 0.7.0
* Switch from basic authentication to TLS certificate client authentication for Blackbox exporter
* Fix scheme label in clients targets configuration
* Add README.md
py27-compat-salt:
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Enhance capture of error messages for Zypper calls in zypperpkg module
rhnlib:
- Version 4.2.7-1
* Don't get stuck at the end of SSL transfers (bsc#1204032)
saltboot-formula:
- Update to version 0.1.1676908681.e90e0b1
* Add failsafe stop file when salt-minion does not stop (bsc#1208418)
* Support salt bundle (bsc#1208499)
salt-netapi-client:
- Version 0.21.0
* See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.21.0
- Add transactional_update module
- Improve logging when creating salt exception
smdba:
- Version 1.7.11
* fix config update from wal_keep_segments to wal_keep_size for newer postgresql versions (bsc#1204519)
spacecmd:
- Version 4.2.21-1
* Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)
* Add python-dateutil dependency, required to process date values in spacecmd api calls
* Correctly understand 'ssm' keyword on scap scheduling
* Fix dict_keys not supporting indexing in systems_setconfigchannelorger
spacewalk-admin:
- Version 4.2.13-1
* Generate uyuni_roster.conf with salt-secrets-config (bsc#1200096)
spacewalk-backend:
- Version 4.2.26-1
* Fix reposync error about missing 'content-type' key when syncing certain channels
* Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)
* Updated logrotate configuration (bsc#1206470)
* Add 'octet-stream' to accepted content-types for reposync mirrorlists
* Exclude invalid mirror urls for reposync (bsc#1203826)
* do not fetch mirrorlist when a file url is given
* Keep older module metadata files in database (bsc#1201893)
* Removed the activation keys report from the debug information
spacewalk-certs-tools:
- Version 4.2.19-1
* some i18n functions moved to new module which needs to be loaded
(bsc#1201142)
* Generated bootstrap scripts install all needed Salt 3004 dependencies
for Ubuntu 18.04 (bsc#1204517)
spacewalk-client-tools:
- Version 4.2.22-1
* Update translation strings
spacewalk-java:
- Version 4.2.47-1
* Use uyuni roster salt module instead of flat roster files (bsc#1200096)
- Version 4.2.46-1
* Fix registration with proxy and tunnel SSH (bsc#1200096)
- Version 4.2.45-1
* Add 'none' matcher to CLM AppStream filters (bsc#1206817)
* Improve logs when sls action chain file is missing
* Do not forward ssh command if proxy and tunnel are present (bsc#1200096)
* Fix not being able to delete CLM environment if there are custom child
channels that were not built by the environment (bsc#1206932)
* Include missing 'gpg' states to avoid issues on SSH minions.
* Optimize the number of salt calls on minion startup (bsc#1203532)
* Fix CVE Audit ignoring errata in parent channels if patch in successor
product exists (bsc#1206168)
* Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)
* Fix modular channel check during system update via XMLRPC (bsc#1206613)
* Trigger a package profile update when a new live-patch is installed (bsc#1206249)
* prevent ISE on activation key page when selected base channel value is null
* Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)
* Updated logrotate configuration (bsc#1206470)
* Limit changelog data in generated metadata to 20 entries
* Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979)
* check for NULL in DEB package install size value
* Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)
* disable cloned vendor channel auto selection by default (bsc#1204186)
* adapt permissions of temporary ssh key directory
* format results for package, errata and image build actions in
system history similar to state apply results
* Fix ClassCastException
* Run only minion actions that are in the pending status (bsc#1205012)
* Manager reboot in transactional update action chain (bsc#1201476)
* Optimize performance of config channels operations for UI and API (bsc#1204029)
* Don't add the same channel twice in the System config addChannel API (bsc#1204029)
* fix xmlrpc call randomly failing with translation error (bsc#1203633)
* Optimize action chain processing on job return event (bsc#1203532)
* Re-calculate salt event queue numbers on restart
* Fix out of memory error when building a CLM project (bsc#1202217)
* Process salt events in FIFO order (bsc#1203532)
* Remove 'SSM' column text where not applicable (bsc#1203588)
* Fix rendering of ssm/MigrateSystems page (bsc#1204651)
* Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093)
* Deny packages from older module metadata when building CLM projects (bsc#1201893)
* Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169)
* delay hardware refresh action to avoid missing channels (bsc#1204208)
* During re-activation, recalculate grains if
* Remove unused gson-extras.jar during build
spacewalk-search:
- Version 4.2.9-1
* Updated logrotate configuration (bsc#1206470)
spacewalk-web:
- Version 4.2.32-1
* Add 'none' matcher to CLM AppStream filters (bsc#1206817)
* fix frontend logging in react pages
* Add bugzilla references to past security fixes
* shell-quote fix CVE-2021-42740 (bsc#1203287)
* moment fix CVE-2022-31129 (bsc#1203288)
supportutils-plugin-susemanager:
- Version 4.2.5-1
* Added dependency for XML Simple
* update susemanager plugin to export the number of pending salt events
susemanager:
- Version 4.2.40-1
* Add mgr-salt-ssh wrapper to use with uyuni roster Salt module (bsc#1200096)
- Version 4.2.39-1
* fix bootstrap repo path for SLES for SAP 12 (bsc#1207141)
* make venv-salt-minion optional for SUSE Manager Proxy 4.2
bootstrap repository (bsc#1206933)
* show RHEL target for bootstrap repo creation only if it is
really connected to the CDN (bsc#1206861)
* add python3-extras to bootstrap repo as dependency of
python3-libxml2, optional SLES 15 does not have it and it
is only required on SP4 or greater (bsc#1204437)
susemanager-build-keys:
- Version 15.3.6
* Add rpmlintrc configuration, so 'W: backup-file-in-package' for
the keyring is ignored. We do not ship backup files, but we own them
because they are created each time gpg is called, and we want them
removed if the package is removed
- uyuni-build-keys.rpmlintrc
susemanager-doc-indexes:
- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the
Client Configuration Guide
- Update Salt Bundle guide as Salt Bundle is now the default
registration method
- Re-added statement about Cobbler support in Reference Guide and Client
Configuration Guide (bsc#1206963)
- Added information about java.salt_event_thread_pool_size in Large
Deployments Guide
- Added information about GPG key usage in the Debian section of the
- Updated default number of changelog entries in Administration Guide
- Include migration guide from Salt 3000 to Bundle for SUSE Linux
Enterprise 12 and CentOS7 in Troubleshooting Clients
- Removed mentions of ABRT in Reference Guide
- Extended note about using Salt SSH with Salt Bundle in 4.2
- Fixed Liberty Linux client tools label in Client Configuration
Guide
susemanager-docs_en:
- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the
Client Configuration Guide
- Update Salt Bundle guide as Salt Bundle is now the default
registration method
- Re-added statement about Cobbler support in Reference Guide and Client
Configuration Guide (bsc#1206963)
- Added information about java.salt_event_thread_pool_size in Large
Deployments Guide
- Added information about GPG key usage in the Debian section of the
- Updated default number of changelog entries in Administration Guide
- Include migration guide from Salt 3000 to Bundle for SUSE Linux
Enterprise 12 and CentOS7 in Troubleshooting Clients.
- Removed mentions of ABRT in Reference Guide
- Extended note about using Salt SSH with Salt Bundle in 4.2
- Fixed Liberty Linux client tools label in Client Configuration
Guide
susemanager-schema:
- Version 4.2.27-1
* Add created and modified fields to suseMinionInfo to make uyuni roster module cache validation more
accurate (bsc#1200096)
- Version 4.2.26-1
* Add 'none' matcher to CLM AppStream filters (bsc#1206817)
* Increase cron_expr varchar length to 120 in suseRecurringAction
table (bsc#1205040)
* Keep older module metadata files in database (bsc#1201893)
* Fix setting of last modified date in channel clone procedure
susemanager-sls:
- Version 4.2.30-1
* Flush uyuni roster cache if the config has changed
* Implement uyuni roster module for Salt (bsc#1200096)
- Version 4.2.30-1
* Fix dnf plugin path calculation when using Salt Bundle (bsc#1208335)
- Version 4.2.29-1
* Improve _mgractionchains.conf logs
* Prevent possible errors from 'mgractionschains' module when there is no action chain to resume.
* Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981)
* Fix custom 'mgrcompat.module_run' state module to work with Salt 3005.1
* filter out libvirt engine events (bsc#1206146)
* Optimize the number of salt calls on minion startup (bsc#1203532)
* Updated logrotate configuration (bsc#1206470)
* Make libvirt-events.conf path depend on what minion is used (bsc#1205920)
* Fix kiwi inspect regexp to allow image names with '-' (bsc#1204541)
* Avoid installing recommended packages from assigned products (bsc#1204330)
* Manager reboot in transactional update action chain (bsc#1201476)
* Use the actual sudo user home directory for salt ssh
clients on bootstrap and clean up (bsc#1202093)
* Perform refresh with packages.pkgupdate state (bsc#1203884)
uyuni-common-libs:
- Version 4.2.9-1
* Fix crash due to missing 'context_manager' when running salt-secrets-config service (bsc#1200096)
- Version 4.2.8-1
* some i18n functions moved to new module which needs to be loaded
(bsc#1201142)
virtual-host-gatherer:
- Version 1.0.24-1
* Report total memory of a libvirt hypervisor
* Improve interoperability with other Python projects
woodstox:
- CVE-2022-40152: Fixed stack overflow in XML serialization. (bsc#1203521)
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
`spacewalk-service start`
Patchnames
SUSE-2023-592,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-592,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-592
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Server 4.2", title: "Title of the patch", }, { category: "description", text: "This update fixes the following issues:\n\ncobbler:\n\n- Fix improper authorization (bsc#1197027, CVE-2022-0860)\n- Prevent error when starting up logrotate.service (bsc#1188191)\n\ndrools:\n\n- Deserialization of Untrusted Data: unsafe data deserialization\n in DroolsStreamUtils.java (bsc#1204879, CVE-2022-1415)\n\ngrafana-formula:\n\n- Version 0.8.1\n * Fix Uyuni/SUMA dashboard names\n- Version 0.8.0\n * Set dashboard names depending on project\n * Update dashboards to use new JSON schema\n * Fix PostgreSQL dashboard queries\n * Migrate deprecated panels to their current replacements\n- Version 0.7.1\n * Fix default password field description (bsc#1203698)\n * Do not require default admin and password fields\n\ninter-server-sync:\n\n- Version 0.2.7\n * Do not update pillars table if it does not exists like in 4.2\n- Version 0.2.6\n * Export package extra tags for complete debian repo metatdata (bsc#1206375)\n * Replace URLs in OS Images pillars when exporting and importing images\n- Version 0.2.5 \n * Correct error when importing without debug log level (bsc#1204699)\n\nmgr-osad:\n\n- Version 4.2.9-1\n * Updated logrotate configuration (bsc#1206470)\n\nprometheus-formula:\n\n- Version 0.7.0\n * Switch from basic authentication to TLS certificate client\n authentication for Blackbox exporter\n * Fix scheme label in clients targets configration\n * Add README.md\n\npy27-compat-salt:\n\n- Ignore extend declarations from excluded SLS files (bsc#1203886)\n- Enhance capture of error messages for Zypper 
calls in zypperpkg module\n\nrhnlib:\n\n- Version 4.2.7-1\n * Don't get stuck at the end of SSL transfers (bsc#1204032)\n\nsaltboot-formula:\n\n- Update to version 0.1.1676908681.e90e0b1\n * Add failsafe stop file when salt-minion does not stop (bsc#1208418)\n * Support salt bundle (bsc#1208499)\n\nsalt-netapi-client:\n\n- Version 0.21.0\n * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.21.0\n- Add transactional_update module\n- Improve logging when creating salt exception\n\nsmdba:\n\n- Version 1.7.11\n * fix config update from wal_keep_segments to wal_keep_size for\n newer postgresql versions (bsc#1204519)\n\nspacecmd:\n\n- Version 4.2.21-1\n * Prevent string api parameters to be parsed as dates if not in\n ISO-8601 format (bsc#1205759)\n * Add python-dateutil dependency, required to process date values in\n spacecmd api calls\n * Correctly understand 'ssm' keyword on scap scheduling\n * Fix dict_keys not supporting indexing in systems_setconfigchannelorger\n\nspacewalk-admin:\n\n- Version 4.2.13-1\n * Generate uyuni_roster.conf with salt-secrets-config (bsc#1200096)\n\nspacewalk-backend:\n\n- Version 4.2.26-1\n * Fix reposync error about missing 'content-type' key when syncing certain channels\n * Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)\n * Updated logrotate configuration (bsc#1206470)\n * Add 'octet-stream' to accepted content-types for reposync mirrorlists\n * Exclude invalid mirror urls for reposync (bsc#1203826)\n * do not fetch mirrorlist when a file url is given\n * Keep older module metadata files in database (bsc#1201893)\n * Removed the activation keys report from the debug information\n\nspacewalk-certs-tools:\n\n- Version 4.2.19-1\n * some i18n functions moved to new module which needs to be loaded\n (bsc#1201142)\n * Generated bootstrap scripts installs all needed Salt 3004 dependencies\n for Ubuntu 18.04 (bsc#1204517)\n\nspacewalk-client-tools:\n\n- Version 4.2.22-1\n * Update translation 
strings\n\nspacewalk-java:\n\n- Version 4.2.47-1\n * Use uyuni roster salt module instead of flat roster files (bsc#1200096)\n- Version 4.2.46-1\n * Fix registration with proxy and tunnel SSH (bsc#1200096)\n- Version 4.2.45-1\n * Add 'none' matcher to CLM AppStream filters (bsc#1206817)\n * Improve logs when sls action chain file is missing\n * Do not forward ssh command if proxy and tunnel are present (bsc#1200096)\n * Fix not being able to delete CLM environment if there are custom child\n channels that where not built by the environment (bsc#1206932)\n * Include missing 'gpg' states to avoid issues on SSH minions.\n * Optimize the number of salt calls on minion startup (bsc#1203532)\n * Fix CVE Audit ignoring errata in parent channels if patch in successor\n product exists (bsc#1206168)\n * Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)\n * Fix modular channel check during system update via XMLRPC (bsc#1206613)\n * Trigger a package profile update when a new live-patch is installed (bsc#1206249)\n * prevent ISE on activation key page when selected base channel value is null\n * Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)\n * Updated logrotate configuration (bsc#1206470)\n * Limit changelog data in generated metadata to 20 entries\n * Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979)\n * check for NULL in DEB package install size value\n * Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)\n * disable cloned vendor channel auto selection by default (bsc#1204186)\n * adapt permissions of temporary ssh key directory\n * format results for package, errata and image build actions in\n system history similar to state apply results\n * Fix ClassCastException\n * Run only minion actions that are in the pending status (bsc#1205012)\n * Manager reboot in transactional update action chain (bsc#1201476\n * Optimize performance of config channels operations for UI 
and API (bsc#1204029)\n * Don't add the same channel twice in the System config addChannel API (bsc#1204029)\n * fix xmlrpc call randomly failing with translation error (bsc#1203633)\n * Optimize action chain processing on job return event (bsc#1203532)\n * Re-calculate salt event queue numbers on restart\n * Fix out of memory error when building a CLM project (bsc#1202217)\n * Process salt events in FIFO order (bsc#1203532)\n * Remove 'SSM' column text where not applicable (bsc#1203588)\n * Fix rendering of ssm/MigrateSystems page (bsc#1204651)\n * Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093)\n * Deny packages from older module metadata when building CLM projects (bsc#1201893)\n * Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169)\n * delay hardware refresh action to avoid missing channels (bsc#1204208)\n * During re-activation, recalculate grains if\n * Remove unused gson-extras.jar during build\n\nspacewalk-search:\n\n- Version 4.2.9-1\n * Updated logrotate configuration (bsc#1206470)\n\nspacewalk-web:\n\n- Version 4.2.32-1\n * Add 'none' matcher to CLM AppStream filters (bsc#1206817)\n * fix frontend logging in react pages\n * Add bugzilla references to past security fixes\n * shell-quote fix CVE-2021-42740 (bsc#1203287)\n * moment fix CVE-2022-31129 (bsc#1203288)\n\nsupportutils-plugin-susemanager:\n\n- Version 4.2.5-1\n * Added dependency for XML Simple\n * update susemanager plugin to export the number of pending salt events\n\nsusemanager:\n\n- Version 4.2.40-1\n * Add mgr-salt-ssh wrapper to use with uyuni roster Salt module (bsc#1200096)\n- Version 4.2.39-1\n * fix bootstrap repo path for SLES for SAP 12 (bsc#1207141)\n * make venv-salt-minion optional for SUSE Manager Proxy 4.2\n bootstrap repository (bsc#1206933)\n * show RHEL target for bootstrap repo creation only if it is\n really connected to the CDN (bsc#1206861)\n * add python3-extras to bootstrap repo as dependency of\n python3-libxml2, 
optional SLES 15 does not have it and it\n is only required on SP4 or greater (bsc#1204437) \n\nsusemanager-build-keys:\n\n- Version 15.3.6\n * Add rpmlintrc configuration, so 'W: backup-file-in-package' for\n the keyring is ignored. We do not ship backup files, but we own them\n because they are created each time gpg is called, and we want them\n removed if the package is removed\n - uyuni-build-keys.rpmlintrc\n\nsusemanager-doc-indexes:\n\n- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the\n Client Configuration Guide\n- Update Salt Bundle guide as Salt Bundle is now the default\n registration method\n- Re-added statement about Cobbler support in Reference Guide and Client\n Configuration Guide (bsc#1206963)\n- Added information about java.salt_event_thread_pool_size in Large\n Deployments Guide\n- Added information about GPG key usage in the Debian section of the\n- Updated default number of changelog entries in Administration Guide\n- Include migration guide from Salt 3000 to Bundle for SUSE Linux \n Enterprise 12 and CentOS7 in Troubleshooting Clients\n- Removed mentions to ABRT in Reference Guide\n- Extended note about using Salt SSH with Salt Bundle in 4.2\n- Fixed Liberty Linux client tools label in Client Configuration\n Guide\n\nsusemanager-docs_en:\n\n- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the \n Client Configuration Guide\n- Update Salt Bundle guide as Salt Bundle is now the default \n registration method\n- Re-added statement about Cobbler support in Reference Guide and Client\n Configuration Guide (bsc#1206963)\n- Added information about java.salt_event_thread_pool_size in Large\n Deployments Guide\n- Added information about GPG key usage in the Debian section of the \n- Updated default number of changelog entries in Administration Guide\n- Include migration guide from Salt 3000 to Bundle for SUSE Linux \n Enterprise 12 and CentOS7 in Troubleshooting Clients.\n- Removed mentions to ABRT in Reference Guide\n- 
Extended note about using Salt SSH with Salt Bundle in 4.2\n- Fixed Liberty Linux client tools label in Client Configuration \n Guide\n\nsusemanager-schema:\n\n- Version 4.2.27-1\n * Add created and modified fields to suseMinionInfo to make uyuni roster module cache validation more \n accurate (bsc#1200096)\n- Version 4.2.26-1\n * Add 'none' matcher to CLM AppStream filters (bsc#1206817)\n * Increase cron_expr varchar length to 120 in suseRecurringAction\n table (bsc#1205040)\n * Keep older module metadata files in database (bsc#1201893)\n * Fix setting of last modified date in channel clone procedure\n\nsusemanager-sls:\n\n- Version 4.2.30-1\n * Flush uyuni roster cache if the config has changed\n * Implement uyuni roster module for Salt (bsc#1200096)\n- Version 4.2.30-1\n * Fix dnf plugin path calculation when using Salt Bundle (bsc#1208335)\n- Version 4.2.29-1\n * Improve _mgractionchains.conf logs\n * Prevent possible errors from 'mgractionschains' module when there is no action chain to resume.\n * Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981)\n * Fix custom 'mgrcompat.module_run' state module to work with Salt 3005.1\n * filter out libvirt engine events (bsc#1206146)\n * Optimize the number of salt calls on minion startup (bsc#1203532)\n * Updated logrotate configuration (bsc#1206470)\n * Make libvirt-events.conf path depend on what minion is used (bsc#1205920)\n * Fix kiwi inspect regexp to allow image names with '-' (bsc#1204541)\n * Avoid installing recommended packages from assigned products (bsc#1204330)\n * Manager reboot in transactional update action chain (bsc#1201476)\n * Use the actual sudo user home directory for salt ssh\n clients on bootstrap and clean up (bsc#1202093)\n * Perform refresh with packages.pkgupdate state (bsc#1203884)\n\nuyuni-common-libs:\n\n- Version 4.2.9-1\n * Fix crash due missing 'context_manager' when running salt-secrets-config service (bsc#1200096)\n- Version 4.2.8-1\n * some 
i18n functions moved to new module which needs to be loaded\n (bsc#1201142)\n\nvirtual-host-gatherer:\n\n- Version 1.0.24-1\n * Report total memory of a libvirt hypervisor\n * Improve interoperability with other Python projects\n\nwoodstox:\n\n- CVE-2022-40152: Fixed stack overflow in XML serialization. (bsc#1203521)\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager Server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-592,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-592,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-592", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0592-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:0592-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20230592-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:0592-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018012.html", }, { category: "self", summary: "SUSE Bug 1188191", url: "https://bugzilla.suse.com/1188191", }, { category: "self", summary: "SUSE Bug 1195979", url: "https://bugzilla.suse.com/1195979", }, { category: "self", summary: "SUSE Bug 1197027", url: "https://bugzilla.suse.com/1197027", }, { 
category: "self", summary: "SUSE Bug 1200096", url: "https://bugzilla.suse.com/1200096", }, { category: "self", summary: "SUSE Bug 1200169", url: "https://bugzilla.suse.com/1200169", }, { category: "self", summary: "SUSE Bug 1201142", url: "https://bugzilla.suse.com/1201142", }, { category: "self", summary: "SUSE Bug 1201476", url: "https://bugzilla.suse.com/1201476", }, { category: "self", summary: "SUSE Bug 1201893", url: "https://bugzilla.suse.com/1201893", }, { category: "self", summary: "SUSE Bug 1202093", url: "https://bugzilla.suse.com/1202093", }, { category: "self", summary: "SUSE Bug 1202217", url: "https://bugzilla.suse.com/1202217", }, { category: "self", summary: "SUSE Bug 1203287", url: "https://bugzilla.suse.com/1203287", }, { category: "self", summary: "SUSE Bug 1203288", url: "https://bugzilla.suse.com/1203288", }, { category: "self", summary: "SUSE Bug 1203521", url: "https://bugzilla.suse.com/1203521", }, { category: "self", summary: "SUSE Bug 1203532", url: "https://bugzilla.suse.com/1203532", }, { category: "self", summary: "SUSE Bug 1203588", url: "https://bugzilla.suse.com/1203588", }, { category: "self", summary: "SUSE Bug 1203633", url: "https://bugzilla.suse.com/1203633", }, { category: "self", summary: "SUSE Bug 1203698", url: "https://bugzilla.suse.com/1203698", }, { category: "self", summary: "SUSE Bug 1203826", url: "https://bugzilla.suse.com/1203826", }, { category: "self", summary: "SUSE Bug 1203884", url: "https://bugzilla.suse.com/1203884", }, { category: "self", summary: "SUSE Bug 1203886", url: "https://bugzilla.suse.com/1203886", }, { category: "self", summary: "SUSE Bug 1204029", url: "https://bugzilla.suse.com/1204029", }, { category: "self", summary: "SUSE Bug 1204032", url: "https://bugzilla.suse.com/1204032", }, { category: "self", summary: "SUSE Bug 1204186", url: "https://bugzilla.suse.com/1204186", }, { category: "self", summary: "SUSE Bug 1204208", url: "https://bugzilla.suse.com/1204208", }, { category: "self", 
summary: "SUSE Bug 1204330", url: "https://bugzilla.suse.com/1204330", }, { category: "self", summary: "SUSE Bug 1204437", url: "https://bugzilla.suse.com/1204437", }, { category: "self", summary: "SUSE Bug 1204517", url: "https://bugzilla.suse.com/1204517", }, { category: "self", summary: "SUSE Bug 1204519", url: "https://bugzilla.suse.com/1204519", }, { category: "self", summary: "SUSE Bug 1204541", url: "https://bugzilla.suse.com/1204541", }, { category: "self", summary: "SUSE Bug 1204651", url: "https://bugzilla.suse.com/1204651", }, { category: "self", summary: "SUSE Bug 1204699", url: "https://bugzilla.suse.com/1204699", }, { category: "self", summary: "SUSE Bug 1204712", url: "https://bugzilla.suse.com/1204712", }, { category: "self", summary: "SUSE Bug 1204879", url: "https://bugzilla.suse.com/1204879", }, { category: "self", summary: "SUSE Bug 1205012", url: "https://bugzilla.suse.com/1205012", }, { category: "self", summary: "SUSE Bug 1205040", url: "https://bugzilla.suse.com/1205040", }, { category: "self", summary: "SUSE Bug 1205523", url: "https://bugzilla.suse.com/1205523", }, { category: "self", summary: "SUSE Bug 1205663", url: "https://bugzilla.suse.com/1205663", }, { category: "self", summary: "SUSE Bug 1205759", url: "https://bugzilla.suse.com/1205759", }, { category: "self", summary: "SUSE Bug 1205920", url: "https://bugzilla.suse.com/1205920", }, { category: "self", summary: "SUSE Bug 1205943", url: "https://bugzilla.suse.com/1205943", }, { category: "self", summary: "SUSE Bug 1206146", url: "https://bugzilla.suse.com/1206146", }, { category: "self", summary: "SUSE Bug 1206168", url: "https://bugzilla.suse.com/1206168", }, { category: "self", summary: "SUSE Bug 1206249", url: "https://bugzilla.suse.com/1206249", }, { category: "self", summary: "SUSE Bug 1206375", url: "https://bugzilla.suse.com/1206375", }, { category: "self", summary: "SUSE Bug 1206470", url: "https://bugzilla.suse.com/1206470", }, { category: "self", summary: "SUSE Bug 
1206613", url: "https://bugzilla.suse.com/1206613", }, { category: "self", summary: "SUSE Bug 1206817", url: "https://bugzilla.suse.com/1206817", }, { category: "self", summary: "SUSE Bug 1206861", url: "https://bugzilla.suse.com/1206861", }, { category: "self", summary: "SUSE Bug 1206932", url: "https://bugzilla.suse.com/1206932", }, { category: "self", summary: "SUSE Bug 1206933", url: "https://bugzilla.suse.com/1206933", }, { category: "self", summary: "SUSE Bug 1206963", url: "https://bugzilla.suse.com/1206963", }, { category: "self", summary: "SUSE Bug 1206979", url: "https://bugzilla.suse.com/1206979", }, { category: "self", summary: "SUSE Bug 1206981", url: "https://bugzilla.suse.com/1206981", }, { category: "self", summary: "SUSE Bug 1207141", url: "https://bugzilla.suse.com/1207141", }, { category: "self", summary: "SUSE Bug 1208335", url: "https://bugzilla.suse.com/1208335", }, { category: "self", summary: "SUSE Bug 1208418", url: "https://bugzilla.suse.com/1208418", }, { category: "self", summary: "SUSE Bug 1208499", url: "https://bugzilla.suse.com/1208499", }, { category: "self", summary: "SUSE CVE CVE-2021-42740 page", url: "https://www.suse.com/security/cve/CVE-2021-42740/", }, { category: "self", summary: "SUSE CVE CVE-2022-0860 page", url: "https://www.suse.com/security/cve/CVE-2022-0860/", }, { category: "self", summary: "SUSE CVE CVE-2022-1415 page", url: "https://www.suse.com/security/cve/CVE-2022-1415/", }, { category: "self", summary: "SUSE CVE CVE-2022-31129 page", url: "https://www.suse.com/security/cve/CVE-2022-31129/", }, { category: "self", summary: "SUSE CVE CVE-2022-40152 page", url: "https://www.suse.com/security/cve/CVE-2022-40152/", }, ], title: "Security update for SUSE Manager Server 4.2", tracking: { current_release_date: "2023-03-02T08:32:44Z", generator: { date: "2023-03-02T08:32:44Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:0592-1", initial_release_date: 
"2023-03-02T08:32:44Z", revision_history: [ { date: "2023-03-02T08:32:44Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "inter-server-sync-0.2.7-150300.8.28.2.aarch64", product: { name: "inter-server-sync-0.2.7-150300.8.28.2.aarch64", product_id: "inter-server-sync-0.2.7-150300.8.28.2.aarch64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64", product: { name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64", product_id: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64", product: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64", product_id: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64", }, }, { category: "product_version", name: "smdba-1.7.11-0.150300.3.12.2.aarch64", product: { name: "smdba-1.7.11-0.150300.3.12.2.aarch64", product_id: "smdba-1.7.11-0.150300.3.12.2.aarch64", }, }, { category: "product_version", name: "susemanager-4.2.40-150300.3.49.1.aarch64", product: { name: "susemanager-4.2.40-150300.3.49.1.aarch64", product_id: "susemanager-4.2.40-150300.3.49.1.aarch64", }, }, { category: "product_version", name: "susemanager-tools-4.2.40-150300.3.49.1.aarch64", product: { name: "susemanager-tools-4.2.40-150300.3.49.1.aarch64", product_id: "susemanager-tools-4.2.40-150300.3.49.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "cobbler-3.1.2-150300.5.19.1.noarch", product: { name: "cobbler-3.1.2-150300.5.19.1.noarch", product_id: "cobbler-3.1.2-150300.5.19.1.noarch", }, }, { category: "product_version", name: "cobbler-tests-3.1.2-150300.5.19.1.noarch", product: { name: "cobbler-tests-3.1.2-150300.5.19.1.noarch", product_id: "cobbler-tests-3.1.2-150300.5.19.1.noarch", }, }, { 
category: "product_version", name: "cobbler-web-3.1.2-150300.5.19.1.noarch", product: { name: "cobbler-web-3.1.2-150300.5.19.1.noarch", product_id: "cobbler-web-3.1.2-150300.5.19.1.noarch", }, }, { category: "product_version", name: "drools-7.17.0-150300.4.9.2.noarch", product: { name: "drools-7.17.0-150300.4.9.2.noarch", product_id: "drools-7.17.0-150300.4.9.2.noarch", }, }, { category: "product_version", name: "grafana-formula-0.8.1-150300.3.9.2.noarch", product: { name: "grafana-formula-0.8.1-150300.3.9.2.noarch", product_id: "grafana-formula-0.8.1-150300.3.9.2.noarch", }, }, { category: "product_version", name: "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", product: { name: "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", product_id: "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", }, }, { category: "product_version", name: "mgr-osad-4.2.9-150300.2.12.2.noarch", product: { name: "mgr-osad-4.2.9-150300.2.12.2.noarch", product_id: "mgr-osad-4.2.9-150300.2.12.2.noarch", }, }, { category: "product_version", name: "prometheus-formula-0.7.0-150300.3.17.2.noarch", product: { name: "prometheus-formula-0.7.0-150300.3.17.2.noarch", product_id: "prometheus-formula-0.7.0-150300.3.17.2.noarch", }, }, { category: "product_version", name: "py27-compat-salt-3000.3-150300.7.7.29.2.noarch", product: { name: "py27-compat-salt-3000.3-150300.7.7.29.2.noarch", product_id: "py27-compat-salt-3000.3-150300.7.7.29.2.noarch", }, }, { category: "product_version", name: "python2-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", product: { name: "python2-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", product_id: "python2-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", }, }, { category: "product_version", name: "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", product: { name: "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", product_id: "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", }, }, { category: "product_version", name: 
"python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", product: { name: "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", product_id: "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", }, }, { category: "product_version", name: "python3-mgr-osad-4.2.9-150300.2.12.2.noarch", product: { name: "python3-mgr-osad-4.2.9-150300.2.12.2.noarch", product_id: "python3-mgr-osad-4.2.9-150300.2.12.2.noarch", }, }, { category: "product_version", name: "python3-rhnlib-4.2.7-150300.4.12.2.noarch", product: { name: "python3-rhnlib-4.2.7-150300.4.12.2.noarch", product_id: "python3-rhnlib-4.2.7-150300.4.12.2.noarch", }, }, { category: "product_version", name: "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", product: { name: "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", product_id: "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", }, }, { category: "product_version", name: "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", product: { name: "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", product_id: "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", product: { name: "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", product_id: "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", product: { name: "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", product_id: "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", }, }, { category: "product_version", name: "salt-netapi-client-0.21.0-150300.3.12.4.noarch", product: { name: "salt-netapi-client-0.21.0-150300.3.12.4.noarch", product_id: "salt-netapi-client-0.21.0-150300.3.12.4.noarch", }, }, { category: "product_version", name: "salt-netapi-client-javadoc-0.21.0-150300.3.12.4.noarch", product: { name: 
"salt-netapi-client-javadoc-0.21.0-150300.3.12.4.noarch", product_id: "salt-netapi-client-javadoc-0.21.0-150300.3.12.4.noarch", }, }, { category: "product_version", name: "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", product: { name: "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", product_id: "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", }, }, { category: "product_version", name: "spacecmd-4.2.21-150300.4.33.2.noarch", product: { name: "spacecmd-4.2.21-150300.4.33.2.noarch", product_id: "spacecmd-4.2.21-150300.4.33.2.noarch", }, }, { category: "product_version", name: "spacewalk-admin-4.2.13-150300.3.18.1.noarch", product: { name: "spacewalk-admin-4.2.13-150300.3.18.1.noarch", product_id: "spacewalk-admin-4.2.13-150300.3.18.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-cdn-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-cdn-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-cdn-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", }, }, { category: 
"product_version", name: "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", product_id: 
"spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", product: { name: "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", product_id: "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", }, }, { category: "product_version", name: "spacewalk-base-4.2.32-150300.3.36.4.noarch", product: { name: "spacewalk-base-4.2.32-150300.3.36.4.noarch", product_id: "spacewalk-base-4.2.32-150300.3.36.4.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", product: { name: "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", product_id: "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", product: { name: "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", product_id: "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", }, }, { category: "product_version", name: "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", product: { name: "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", product_id: "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.2.22-150300.4.30.2.noarch", product: { name: "spacewalk-check-4.2.22-150300.4.30.2.noarch", product_id: "spacewalk-check-4.2.22-150300.4.30.2.noarch", }, }, { category: "product_version", name: 
"spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", product: { name: "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", product_id: "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", product: { name: "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", product_id: "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", }, }, { category: "product_version", name: "spacewalk-dobby-4.2.32-150300.3.36.4.noarch", product: { name: "spacewalk-dobby-4.2.32-150300.3.36.4.noarch", product_id: "spacewalk-dobby-4.2.32-150300.3.36.4.noarch", }, }, { category: "product_version", name: "spacewalk-html-4.2.32-150300.3.36.4.noarch", product: { name: "spacewalk-html-4.2.32-150300.3.36.4.noarch", product_id: "spacewalk-html-4.2.32-150300.3.36.4.noarch", }, }, { category: "product_version", name: "spacewalk-html-debug-4.2.32-150300.3.36.4.noarch", product: { name: "spacewalk-html-debug-4.2.32-150300.3.36.4.noarch", product_id: "spacewalk-html-debug-4.2.32-150300.3.36.4.noarch", }, }, { category: "product_version", name: "spacewalk-java-4.2.47-150300.3.58.1.noarch", product: { name: "spacewalk-java-4.2.47-150300.3.58.1.noarch", product_id: "spacewalk-java-4.2.47-150300.3.58.1.noarch", }, }, { category: "product_version", name: "spacewalk-java-apidoc-sources-4.2.47-150300.3.58.1.noarch", product: { name: "spacewalk-java-apidoc-sources-4.2.47-150300.3.58.1.noarch", product_id: "spacewalk-java-apidoc-sources-4.2.47-150300.3.58.1.noarch", }, }, { category: "product_version", name: "spacewalk-java-config-4.2.47-150300.3.58.1.noarch", product: { name: "spacewalk-java-config-4.2.47-150300.3.58.1.noarch", product_id: "spacewalk-java-config-4.2.47-150300.3.58.1.noarch", }, }, { category: "product_version", name: "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", product: { name: "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", product_id: "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", }, }, 
{ category: "product_version", name: "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", product: { name: "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", product_id: "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", product: { name: "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", product_id: "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", product: { name: "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", product_id: "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", product: { name: "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", product_id: "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", product: { name: "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", product_id: "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", product: { name: "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", product_id: "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", product: { name: "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", product_id: "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", product: { name: "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", product_id: "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", }, }, { category: "product_version", name: 
"spacewalk-search-4.2.9-150300.3.15.2.noarch", product: { name: "spacewalk-search-4.2.9-150300.3.15.2.noarch", product_id: "spacewalk-search-4.2.9-150300.3.15.2.noarch", }, }, { category: "product_version", name: "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", product: { name: "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", product_id: "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", product: { name: "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", product_id: "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", }, }, { category: "product_version", name: "susemanager-build-keys-15.3.6-150300.3.6.2.noarch", product: { name: "susemanager-build-keys-15.3.6-150300.3.6.2.noarch", product_id: "susemanager-build-keys-15.3.6-150300.3.6.2.noarch", }, }, { category: "product_version", name: "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", product: { name: "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", product_id: "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", }, }, { category: "product_version", name: "susemanager-doc-indexes-4.2-150300.12.39.4.noarch", product: { name: "susemanager-doc-indexes-4.2-150300.12.39.4.noarch", product_id: "susemanager-doc-indexes-4.2-150300.12.39.4.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-4.2-150300.12.39.2.noarch", product: { name: "susemanager-docs_en-4.2-150300.12.39.2.noarch", product_id: "susemanager-docs_en-4.2-150300.12.39.2.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", product: { name: "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", product_id: "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", }, }, { category: "product_version", name: "susemanager-schema-4.2.27-150300.3.35.1.noarch", product: { name: "susemanager-schema-4.2.27-150300.3.35.1.noarch", product_id: 
"susemanager-schema-4.2.27-150300.3.35.1.noarch", }, }, { category: "product_version", name: "susemanager-schema-sanity-4.2.27-150300.3.35.1.noarch", product: { name: "susemanager-schema-sanity-4.2.27-150300.3.35.1.noarch", product_id: "susemanager-schema-sanity-4.2.27-150300.3.35.1.noarch", }, }, { category: "product_version", name: "susemanager-sls-4.2.31-150300.3.43.1.noarch", product: { name: "susemanager-sls-4.2.31-150300.3.43.1.noarch", product_id: "susemanager-sls-4.2.31-150300.3.43.1.noarch", }, }, { category: "product_version", name: "uyuni-config-modules-4.2.31-150300.3.43.1.noarch", product: { name: "uyuni-config-modules-4.2.31-150300.3.43.1.noarch", product_id: "uyuni-config-modules-4.2.31-150300.3.43.1.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", product: { name: "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", product_id: "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", product: { name: "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", product_id: "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-Libvirt-1.0.24-150300.3.9.2.noarch", product: { name: "virtual-host-gatherer-Libvirt-1.0.24-150300.3.9.2.noarch", product_id: "virtual-host-gatherer-Libvirt-1.0.24-150300.3.9.2.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", product: { name: "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", product_id: "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", }, }, { category: "product_version", name: "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", product: { name: "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", product_id: "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", }, }, { category: 
"product_version", name: "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", product: { name: "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", product_id: "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", }, }, { category: "product_version", name: "woodstox-4.4.2-150300.3.6.2.noarch", product: { name: "woodstox-4.4.2-150300.3.6.2.noarch", product_id: "woodstox-4.4.2-150300.3.6.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.7-150300.8.28.2.ppc64le", product: { name: "inter-server-sync-0.2.7-150300.8.28.2.ppc64le", product_id: "inter-server-sync-0.2.7-150300.8.28.2.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", product: { name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", product_id: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", product: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", product_id: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", }, }, { category: "product_version", name: "smdba-1.7.11-0.150300.3.12.2.ppc64le", product: { name: "smdba-1.7.11-0.150300.3.12.2.ppc64le", product_id: "smdba-1.7.11-0.150300.3.12.2.ppc64le", }, }, { category: "product_version", name: "susemanager-4.2.40-150300.3.49.1.ppc64le", product: { name: "susemanager-4.2.40-150300.3.49.1.ppc64le", product_id: "susemanager-4.2.40-150300.3.49.1.ppc64le", }, }, { category: "product_version", name: "susemanager-tools-4.2.40-150300.3.49.1.ppc64le", product: { name: "susemanager-tools-4.2.40-150300.3.49.1.ppc64le", product_id: "susemanager-tools-4.2.40-150300.3.49.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.7-150300.8.28.2.s390x", product: { name: 
"inter-server-sync-0.2.7-150300.8.28.2.s390x", product_id: "inter-server-sync-0.2.7-150300.8.28.2.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", product: { name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", product_id: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", product: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", product_id: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", }, }, { category: "product_version", name: "smdba-1.7.11-0.150300.3.12.2.s390x", product: { name: "smdba-1.7.11-0.150300.3.12.2.s390x", product_id: "smdba-1.7.11-0.150300.3.12.2.s390x", }, }, { category: "product_version", name: "susemanager-4.2.40-150300.3.49.1.s390x", product: { name: "susemanager-4.2.40-150300.3.49.1.s390x", product_id: "susemanager-4.2.40-150300.3.49.1.s390x", }, }, { category: "product_version", name: "susemanager-tools-4.2.40-150300.3.49.1.s390x", product: { name: "susemanager-tools-4.2.40-150300.3.49.1.s390x", product_id: "susemanager-tools-4.2.40-150300.3.49.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.7-150300.8.28.2.x86_64", product: { name: "inter-server-sync-0.2.7-150300.8.28.2.x86_64", product_id: "inter-server-sync-0.2.7-150300.8.28.2.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", product: { name: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", product_id: "python2-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", product: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", product_id: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", }, }, { category: "product_version", name: 
"smdba-1.7.11-0.150300.3.12.2.x86_64", product: { name: "smdba-1.7.11-0.150300.3.12.2.x86_64", product_id: "smdba-1.7.11-0.150300.3.12.2.x86_64", }, }, { category: "product_version", name: "susemanager-4.2.40-150300.3.49.1.x86_64", product: { name: "susemanager-4.2.40-150300.3.49.1.x86_64", product_id: "susemanager-4.2.40-150300.3.49.1.x86_64", }, }, { category: "product_version", name: "susemanager-tools-4.2.40-150300.3.49.1.x86_64", product: { name: "susemanager-tools-4.2.40-150300.3.49.1.x86_64", product_id: "susemanager-tools-4.2.40-150300.3.49.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Proxy Module 4.2", product: { name: "SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-proxy:4.2", }, }, }, { category: "product_name", name: "SUSE Manager Server Module 4.2", product: { name: "SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-server:4.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mgr-osad-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", }, product_reference: "mgr-osad-4.2.9-150300.2.12.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", }, product_reference: "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", relates_to_product_reference: 
"SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osad-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", }, product_reference: "python3-mgr-osad-4.2.9-150300.2.12.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-rhnlib-4.2.7-150300.4.12.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", }, product_reference: "python3-rhnlib-4.2.7-150300.4.12.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", }, product_reference: "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", }, product_reference: "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", }, product_reference: "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", 
relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", }, product_reference: "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64 as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", }, product_reference: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.21-150300.4.33.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", }, product_reference: "spacecmd-4.2.21-150300.4.33.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", }, product_reference: "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", 
relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", }, product_reference: "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", }, product_reference: "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", }, product_reference: "spacewalk-check-4.2.22-150300.4.30.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", }, product_reference: "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", }, product_reference: 
"spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", }, product_reference: "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", }, product_reference: "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", }, product_reference: "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", }, product_reference: "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 
4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", }, product_reference: "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", }, product_reference: "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", }, product_reference: "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", }, product_reference: "susemanager-build-keys-15.3.6-150300.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", }, product_reference: "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "cobbler-3.1.2-150300.5.19.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE 
Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", }, product_reference: "cobbler-3.1.2-150300.5.19.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "drools-7.17.0-150300.4.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", }, product_reference: "drools-7.17.0-150300.4.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "grafana-formula-0.8.1-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", }, product_reference: "grafana-formula-0.8.1-150300.3.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.7-150300.8.28.2.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", }, product_reference: "inter-server-sync-0.2.7-150300.8.28.2.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.7-150300.8.28.2.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", }, product_reference: "inter-server-sync-0.2.7-150300.8.28.2.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.7-150300.8.28.2.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", }, product_reference: 
"inter-server-sync-0.2.7-150300.8.28.2.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", }, product_reference: "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "prometheus-formula-0.7.0-150300.3.17.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", }, product_reference: "prometheus-formula-0.7.0-150300.3.17.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "py27-compat-salt-3000.3-150300.7.7.29.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", }, product_reference: "py27-compat-salt-3000.3-150300.7.7.29.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", }, product_reference: "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", }, product_reference: 
"python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-rhnlib-4.2.7-150300.4.12.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", }, product_reference: "python3-rhnlib-4.2.7-150300.4.12.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", }, product_reference: "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", }, product_reference: "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", }, product_reference: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 
4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", }, product_reference: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", }, product_reference: "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "salt-netapi-client-0.21.0-150300.3.12.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", }, product_reference: "salt-netapi-client-0.21.0-150300.3.12.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", }, product_reference: "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "smdba-1.7.11-0.150300.3.12.2.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", }, product_reference: "smdba-1.7.11-0.150300.3.12.2.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "smdba-1.7.11-0.150300.3.12.2.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 
4.2:smdba-1.7.11-0.150300.3.12.2.s390x", }, product_reference: "smdba-1.7.11-0.150300.3.12.2.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "smdba-1.7.11-0.150300.3.12.2.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", }, product_reference: "smdba-1.7.11-0.150300.3.12.2.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.21-150300.4.33.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", }, product_reference: "spacecmd-4.2.21-150300.4.33.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-admin-4.2.13-150300.3.18.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", }, product_reference: "spacewalk-admin-4.2.13-150300.3.18.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", 
relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 
4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: 
"spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", }, product_reference: "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", }, product_reference: "spacewalk-base-4.2.32-150300.3.36.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 
4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", }, product_reference: "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", }, product_reference: "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", }, product_reference: "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", }, product_reference: "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-html-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", }, product_reference: "spacewalk-html-4.2.32-150300.3.36.4.noarch", relates_to_product_reference: "SUSE Manager 
Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", }, product_reference: "spacewalk-java-4.2.47-150300.3.58.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-config-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", }, product_reference: "spacewalk-java-config-4.2.47-150300.3.58.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", }, product_reference: "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", }, product_reference: "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-search-4.2.9-150300.3.15.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", }, product_reference: "spacewalk-search-4.2.9-150300.3.15.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { 
category: "default_component_of", full_product_name: { name: "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", }, product_reference: "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", }, product_reference: "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.2.40-150300.3.49.1.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", }, product_reference: "susemanager-4.2.40-150300.3.49.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.2.40-150300.3.49.1.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", }, product_reference: "susemanager-4.2.40-150300.3.49.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.2.40-150300.3.49.1.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", }, product_reference: "susemanager-4.2.40-150300.3.49.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: 
"susemanager-build-keys-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", }, product_reference: "susemanager-build-keys-15.3.6-150300.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", }, product_reference: "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-doc-indexes-4.2-150300.12.39.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", }, product_reference: "susemanager-doc-indexes-4.2-150300.12.39.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-4.2-150300.12.39.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", }, product_reference: "susemanager-docs_en-4.2-150300.12.39.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", }, product_reference: "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { 
name: "susemanager-schema-4.2.27-150300.3.35.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", }, product_reference: "susemanager-schema-4.2.27-150300.3.35.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-sls-4.2.31-150300.3.43.1.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", }, product_reference: "susemanager-sls-4.2.31-150300.3.43.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.2.40-150300.3.49.1.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", }, product_reference: "susemanager-tools-4.2.40-150300.3.49.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.2.40-150300.3.49.1.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", }, product_reference: "susemanager-tools-4.2.40-150300.3.49.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.2.40-150300.3.49.1.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", }, product_reference: "susemanager-tools-4.2.40-150300.3.49.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "uyuni-config-modules-4.2.31-150300.3.43.1.noarch 
as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", }, product_reference: "uyuni-config-modules-4.2.31-150300.3.43.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", }, product_reference: "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", }, product_reference: "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", }, product_reference: "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", }, product_reference: "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", 
full_product_name: { name: "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", }, product_reference: "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "woodstox-4.4.2-150300.3.6.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", }, product_reference: "woodstox-4.4.2-150300.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-42740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-42740", }, ], notes: [ { category: "general", text: "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z].
Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 
4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 
4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 
4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 
4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-42740", url: "https://www.suse.com/security/cve/CVE-2021-42740", }, { category: "external", summary: "SUSE Bug 1203287 for CVE-2021-42740", url: "https://bugzilla.suse.com/1203287", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 
4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 
4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager 
Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy 
Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 
4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 
4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-02T08:32:44Z", details: "critical", }, ], title: "CVE-2021-42740", }, { cve: "CVE-2022-0860", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0860", }, ], notes: [ { category: "general", text: "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.", title: "CVE 
description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy 
Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 
4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 
4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 
4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-0860", url: "https://www.suse.com/security/cve/CVE-2022-0860", }, { category: "external", summary: "SUSE Bug 1197027 for CVE-2022-0860", url: "https://bugzilla.suse.com/1197027", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", 
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server 
Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 
4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 
4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 
4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", 
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 
4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-02T08:32:44Z", details: "important", }, ], title: "CVE-2022-0860", }, { cve: "CVE-2022-1415", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1415", }, ], notes: [ { category: "general", text: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. 
This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 
4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 
4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 
4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 
4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-1415", url: "https://www.suse.com/security/cve/CVE-2022-1415", }, { category: "external", summary: "SUSE Bug 1204879 for CVE-2022-1415", url: "https://bugzilla.suse.com/1204879", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 
4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 
4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager 
Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 
4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 
4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 
4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-02T08:32:44Z", details: "moderate", }, ], title: "CVE-2022-1415", }, { cve: "CVE-2022-31129", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31129", }, ], notes: [ { category: "general", text: "moment is a JavaScript date library for parsing, validating, manipulating, and formatting 
dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE 
Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 
4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 
4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-31129", url: "https://www.suse.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "SUSE Bug 1203288 for CVE-2022-31129", url: "https://bugzilla.suse.com/1203288", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], threats: [ { category: "impact", date: "2023-03-02T08:32:44Z", details: "important", }, ], title: "CVE-2022-31129", }, { cve: "CVE-2022-40152", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-40152", }, ], notes: [ { category: "general", text: "Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module
4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 
4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 
4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-40152", url: "https://www.suse.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "SUSE Bug 1203521 for CVE-2022-40152", url: "https://bugzilla.suse.com/1203521", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", 
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server 
Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 
4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 
4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 
4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", 
"SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch", "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64", "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch", "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x", "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64", "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch", 
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 
4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch", "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch", "SUSE Manager Server Module 
4.2:woodstox-4.4.2-150300.3.6.2.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-02T08:32:44Z", details: "moderate", }, ], title: "CVE-2022-40152", }, ], }
suse-su-2023:0373-1
Vulnerability from csaf_suse
Published
2023-02-10 14:19
Modified
2023-02-10 14:19
Summary
Security update for SUSE Manager Server 4.3
Notes
Title of the patch
Security update for SUSE Manager Server 4.3
Description of the patch
This update fixes the following issues:
release-notes-susemanager:
- Update to SUSE Manager 4.3.4
* SUSE Liberty Linux 9 support as client
* SUSE Linux Enterprise Micro support as client
* Indications for systems requiring reboot or with a scheduled reboot
* Notification messages via email
* Grafana update to 8.5.15
* Subscription warning notification
* Changelogs in the repositories' metadata have been limited to the last 20 entries
* Drop legacy way to prevent disabling local repositories
* CVEs fixed
CVE-2022-1415
* Bugs mentioned
bsc#1172110, bsc#1195979, bsc#1200801, bsc#1202150, bsc#1203478
bsc#1203532, bsc#1203826, bsc#1204032, bsc#1204126, bsc#1204186
bsc#1204235, bsc#1204270, bsc#1204330, bsc#1204712, bsc#1204715
bsc#1204879, bsc#1204932, bsc#1205012, bsc#1205040, bsc#1205207
bsc#1205255, bsc#1205350, bsc#1205489, bsc#1205523, bsc#1205644
bsc#1205663, bsc#1205749, bsc#1205754, bsc#1205890, bsc#1205919
bsc#1205943, bsc#1206055, bsc#1206160, bsc#1206168, bsc#1206186
bsc#1206249, bsc#1206276, bsc#1206294, bsc#1206336, bsc#1206375
bsc#1206470, bsc#1206613, bsc#1206666, bsc#1206799, bsc#1207136
Patchnames
SUSE-2023-373,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-373
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Server 4.3", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\nrelease-notes-susemanager:\n\n- Update to SUSE Manager 4.3.4\n * SUSE Liberty Linux 9 support as client\n * SUSE Linux Enterprise Micro support as client\n * Indications for systems requiring reboot or with a scheduled reboot\n * Notification messages via email\n * Grafana update to 8.5.15\n * Subscription warning notification\n * Changelogs at repositories metadata has been limited the last 20 entries\n * Drop legacy way to prevent disabling local repositories\n * CVEs fixed\n CVE-2022-1415\n * Bugs mentioned\n bsc#1172110, bsc#1195979, bsc#1200801, bsc#1202150, bsc#1203478 \n bsc#1203532, bsc#1203826, bsc#1204032, bsc#1204126, bsc#1204186\n bsc#1204235, bsc#1204270, bsc#1204330, bsc#1204712, bsc#1204715\n bsc#1204879, bsc#1204932, bsc#1205012, bsc#1205040, bsc#1205207\n bsc#1205255, bsc#1205350, bsc#1205489, bsc#1205523, bsc#1205644\n bsc#1205663, bsc#1205749, bsc#1205754, bsc#1205890, bsc#1205919\n bsc#1205943, bsc#1206055, bsc#1206160, bsc#1206168, bsc#1206186\n bsc#1206249, bsc#1206276, bsc#1206294, bsc#1206336, bsc#1206375\n bsc#1206470, bsc#1206613, bsc#1206666, bsc#1206799, bsc#1207136\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-373,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-373", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", 
contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0373-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:0373-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20230373-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:0373-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013728.html", }, { category: "self", summary: "SUSE Bug 1172110", url: "https://bugzilla.suse.com/1172110", }, { category: "self", summary: "SUSE Bug 1195979", url: "https://bugzilla.suse.com/1195979", }, { category: "self", summary: "SUSE Bug 1200801", url: "https://bugzilla.suse.com/1200801", }, { category: "self", summary: "SUSE Bug 1202150", url: "https://bugzilla.suse.com/1202150", }, { category: "self", summary: "SUSE Bug 1203478", url: "https://bugzilla.suse.com/1203478", }, { category: "self", summary: "SUSE Bug 1203532", url: "https://bugzilla.suse.com/1203532", }, { category: "self", summary: "SUSE Bug 1203826", url: "https://bugzilla.suse.com/1203826", }, { category: "self", summary: "SUSE Bug 1204032", url: "https://bugzilla.suse.com/1204032", }, { category: "self", summary: "SUSE Bug 1204126", url: "https://bugzilla.suse.com/1204126", }, { category: "self", summary: "SUSE Bug 1204186", url: "https://bugzilla.suse.com/1204186", }, { category: "self", summary: "SUSE Bug 1204235", url: "https://bugzilla.suse.com/1204235", }, { category: "self", summary: "SUSE Bug 1204270", url: "https://bugzilla.suse.com/1204270", }, { category: "self", summary: "SUSE Bug 1204330", url: "https://bugzilla.suse.com/1204330", }, { category: "self", summary: "SUSE Bug 1204712", url: 
"https://bugzilla.suse.com/1204712", }, { category: "self", summary: "SUSE Bug 1204715", url: "https://bugzilla.suse.com/1204715", }, { category: "self", summary: "SUSE Bug 1204879", url: "https://bugzilla.suse.com/1204879", }, { category: "self", summary: "SUSE Bug 1204932", url: "https://bugzilla.suse.com/1204932", }, { category: "self", summary: "SUSE Bug 1205012", url: "https://bugzilla.suse.com/1205012", }, { category: "self", summary: "SUSE Bug 1205040", url: "https://bugzilla.suse.com/1205040", }, { category: "self", summary: "SUSE Bug 1205207", url: "https://bugzilla.suse.com/1205207", }, { category: "self", summary: "SUSE Bug 1205255", url: "https://bugzilla.suse.com/1205255", }, { category: "self", summary: "SUSE Bug 1205350", url: "https://bugzilla.suse.com/1205350", }, { category: "self", summary: "SUSE Bug 1205489", url: "https://bugzilla.suse.com/1205489", }, { category: "self", summary: "SUSE Bug 1205523", url: "https://bugzilla.suse.com/1205523", }, { category: "self", summary: "SUSE Bug 1205644", url: "https://bugzilla.suse.com/1205644", }, { category: "self", summary: "SUSE Bug 1205663", url: "https://bugzilla.suse.com/1205663", }, { category: "self", summary: "SUSE Bug 1205749", url: "https://bugzilla.suse.com/1205749", }, { category: "self", summary: "SUSE Bug 1205754", url: "https://bugzilla.suse.com/1205754", }, { category: "self", summary: "SUSE Bug 1205890", url: "https://bugzilla.suse.com/1205890", }, { category: "self", summary: "SUSE Bug 1205919", url: "https://bugzilla.suse.com/1205919", }, { category: "self", summary: "SUSE Bug 1205943", url: "https://bugzilla.suse.com/1205943", }, { category: "self", summary: "SUSE Bug 1206055", url: "https://bugzilla.suse.com/1206055", }, { category: "self", summary: "SUSE Bug 1206160", url: "https://bugzilla.suse.com/1206160", }, { category: "self", summary: "SUSE Bug 1206168", url: "https://bugzilla.suse.com/1206168", }, { category: "self", summary: "SUSE Bug 1206186", url: 
"https://bugzilla.suse.com/1206186", }, { category: "self", summary: "SUSE Bug 1206249", url: "https://bugzilla.suse.com/1206249", }, { category: "self", summary: "SUSE Bug 1206276", url: "https://bugzilla.suse.com/1206276", }, { category: "self", summary: "SUSE Bug 1206294", url: "https://bugzilla.suse.com/1206294", }, { category: "self", summary: "SUSE Bug 1206336", url: "https://bugzilla.suse.com/1206336", }, { category: "self", summary: "SUSE Bug 1206375", url: "https://bugzilla.suse.com/1206375", }, { category: "self", summary: "SUSE Bug 1206470", url: "https://bugzilla.suse.com/1206470", }, { category: "self", summary: "SUSE Bug 1206613", url: "https://bugzilla.suse.com/1206613", }, { category: "self", summary: "SUSE Bug 1206666", url: "https://bugzilla.suse.com/1206666", }, { category: "self", summary: "SUSE Bug 1206799", url: "https://bugzilla.suse.com/1206799", }, { category: "self", summary: "SUSE Bug 1207136", url: "https://bugzilla.suse.com/1207136", }, { category: "self", summary: "SUSE CVE CVE-2022-1415 page", url: "https://www.suse.com/security/cve/CVE-2022-1415/", }, ], title: "Security update for SUSE Manager Server 4.3", tracking: { current_release_date: "2023-02-10T14:19:35Z", generator: { date: "2023-02-10T14:19:35Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:0373-1", initial_release_date: "2023-02-10T14:19:35Z", revision_history: [ { date: "2023-02-10T14:19:35Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.4-150400.3.43.1.aarch64", product: { name: "release-notes-susemanager-4.3.4-150400.3.43.1.aarch64", product_id: "release-notes-susemanager-4.3.4-150400.3.43.1.aarch64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.aarch64", product: { name: 
"release-notes-susemanager-proxy-4.3.4-150400.3.43.1.aarch64", product_id: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.4-150400.3.43.1.i586", product: { name: "release-notes-susemanager-4.3.4-150400.3.43.1.i586", product_id: "release-notes-susemanager-4.3.4-150400.3.43.1.i586", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.i586", product: { name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.i586", product_id: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", product: { name: "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", product_id: "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.ppc64le", product: { name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.ppc64le", product_id: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.4-150400.3.43.1.s390x", product: { name: "release-notes-susemanager-4.3.4-150400.3.43.1.s390x", product_id: "release-notes-susemanager-4.3.4-150400.3.43.1.s390x", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.s390x", product: { name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.s390x", product_id: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", product: { name: 
"release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", product_id: "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.x86_64", product: { name: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.x86_64", product_id: "release-notes-susemanager-proxy-4.3.4-150400.3.43.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Server 4.3", product: { name: "SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", }, product_reference: "release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.3.4-150400.3.43.1.s390x as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x", }, product_reference: "release-notes-susemanager-4.3.4-150400.3.43.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64 as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", }, product_reference: "release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.3", }, ], }, vulnerabilities: [ { 
cve: "CVE-2022-1415", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1415", }, ], notes: [ { category: "general", text: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1415", url: "https://www.suse.com/security/cve/CVE-2022-1415", }, { category: "external", summary: "SUSE Bug 1204879 for CVE-2022-1415", url: "https://bugzilla.suse.com/1204879", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.4-150400.3.43.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-02-10T14:19:35Z", details: "moderate", }, ], title: "CVE-2022-1415", }, ], }
gsd-2022-1415
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Aliases
{ GSD: { alias: "CVE-2022-1415", id: "GSD-2022-1415", references: [ "https://www.suse.com/security/cve/CVE-2022-1415.html", "https://access.redhat.com/errata/RHSA-2022:6813", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-1415", ], details: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", id: "GSD-2022-1415", modified: "2023-12-13T01:19:28.112737Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-1415", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "drools", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { versions: [ { status: "unaffected", version: "7.69.0.Final", }, ], }, }, ], }, }, ], }, vendor_name: "n/a", }, { product: { product_data: [ { product_name: "Red Hat Process Automation 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", }, }, ], }, }, { product_name: "Red Hat build of Quarkus", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Decision Manager 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", }, }, ], }, }, { product_name: "Red Hat Integration Camel for Spring Boot", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: 
"unaffected", }, }, ], }, }, { product_name: "Red Hat Integration Camel K", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Integration Camel Quarkus", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat JBoss Data Grid 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat JBoss Data Virtualization 6", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat JBoss Enterprise Application Platform 6", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unknown", }, }, ], }, }, { product_name: "Red Hat JBoss Enterprise Application Platform 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat JBoss Enterprise Application Platform Expansion Pack", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat JBoss Fuse 6", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unknown", }, }, ], }, }, { product_name: "Red Hat JBoss Fuse 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat JBoss Fuse Service Works 6", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unknown", }, }, ], }, }, ], }, vendor_name: "Red Hat", }, ], }, }, 
credits: [ { lang: "en", value: "Red Hat would like to thank Paulino Calderon (Websec) for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", }, ], }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-502", lang: "eng", value: "Deserialization of Untrusted Data", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/errata/RHSA-2022:6813", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { name: "https://access.redhat.com/security/cve/CVE-2022-1415", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:drools:7.69.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-1415", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-502", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", refsource: "MISC", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, { name: "https://access.redhat.com/errata/RHSA-2022:6813", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { name: "https://access.redhat.com/security/cve/CVE-2022-1415", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, }, }, lastModifiedDate: "2023-09-14T02:26Z", publishedDate: "2023-09-11T21:15Z", }, }, }
rhsa-2022_6813
Vulnerability from csaf_redhat
Published
2022-10-05 10:44
Modified
2024-12-18 00:36
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fix(es):
* chart.js: prototype pollution (CVE-2020-7746)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. 
A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed 
under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6813", url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2041833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041833", }, { category: "external", summary: "2044591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2050863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050863", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064007", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2067387", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067387", 
}, { category: "external", summary: "2067458", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067458", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2076133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076133", }, { category: "external", summary: "2085307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085307", }, { category: "external", summary: "2096966", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096966", }, { category: "external", summary: "2103584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103584", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2107994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107994", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update", tracking: { current_release_date: "2024-12-18T00:36:53+00:00", generator: { date: "2024-12-18T00:36:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2022:6813", initial_release_date: "2022-10-05T10:44:49+00:00", revision_history: [ { date: "2022-10-05T10:44:49+00:00", number: "1", summary: "Initial version", }, { date: "2022-10-05T10:44:50+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T00:36:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.1 async", product: { name: "RHPAM 7.13.1 async", product_id: "RHPAM 7.13.1 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process 
Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-7746", discovery_date: "2020-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2096966", }, ], notes: [ { category: "description", text: "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution.", title: "Vulnerability description", }, { category: "summary", text: "chart.js: prototype pollution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-7746", }, { category: "external", summary: "RHBZ#2096966", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096966", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-7746", url: "https://www.cve.org/CVERecord?id=CVE-2020-7746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", }, ], release_date: "2020-10-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chart.js: prototype pollution", }, { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. 
This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-23436", discovery_date: "2021-10-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041833", }, ], notes: [ { category: "description", text: "A prototype pollution flaw was found in the Node.js immer module. 
By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.", title: "Vulnerability description", }, { category: "summary", text: "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23436", }, { category: "external", summary: "RHBZ#2041833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041833", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23436", url: "https://www.cve.org/CVERecord?id=CVE-2021-23436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", }, ], release_date: "2021-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. 
It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { cve: "CVE-2022-0235", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2022-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044591", }, ], notes: [ { category: "description", text: "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", title: "Vulnerability description", }, { category: "summary", text: "node-fetch: exposure of sensitive information to an unauthorized actor", title: "Vulnerability summary", }, { category: "other", text: "This flaw is out of support scope for dotnet-5.0. 
For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0235", }, { category: "external", summary: "RHBZ#2044591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0235", url: "https://www.cve.org/CVERecord?id=CVE-2022-0235", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", }, { category: "external", summary: "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", url: "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", }, ], release_date: "2022-01-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-fetch: exposure of sensitive information to an unauthorized actor", }, { cve: "CVE-2022-0722", cwe: { id: "CWE-212", name: "Improper Removal of Sensitive Information Before Storage or Transfer", }, discovery_date: "2022-07-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2103584", }, ], notes: [ { category: "description", text: "A flaw was found in the parse-url package. 
Affected versions of this package are vulnerable to information exposure due to an improper validation issue.", title: "Vulnerability description", }, { category: "summary", text: "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0722", }, { category: "external", summary: "RHBZ#2103584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103584", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0722", url: "https://www.cve.org/CVERecord?id=CVE-2022-0722", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", }, { category: "external", summary: "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", url: "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", }, ], release_date: "2022-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", }, { cve: "CVE-2022-1365", cwe: { id: "CWE-359", name: "Exposure of Private Personal Information to an Unauthorized Actor", }, discovery_date: "2022-04-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2076133", }, ], notes: [ { category: "description", text: "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. 
This flaw allows an attacker to hijack the account as the cookie is leaked.", title: "Vulnerability description", }, { category: "summary", text: "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1365", }, { category: "external", summary: "RHBZ#2076133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1365", url: "https://www.cve.org/CVERecord?id=CVE-2022-1365", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", }, { category: "external", summary: "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", url: "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", }, ], release_date: "2022-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", }, { acknowledgments: [ { names: [ "Paulino Calderon", ], organization: "Websec", }, ], cve: "CVE-2022-1415", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2021-12-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065505", }, ], notes: [ { category: "description", text: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. 
This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", title: "Vulnerability description", }, { category: "summary", text: "drools: unsafe data deserialization in StreamUtils", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, { category: "external", summary: "RHBZ#2065505", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1415", url: "https://www.cve.org/CVERecord?id=CVE-2022-1415", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "drools: unsafe data deserialization in StreamUtils", }, { cve: "CVE-2022-1650", cwe: { id: "CWE-359", name: "Exposure of Private Personal Information to an Unauthorized Actor", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2085307", }, ], notes: [ { category: "description", text: "A flaw was found in the EventSource NPM Package. 
The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.", title: "Vulnerability description", }, { category: "summary", text: "eventsource: Exposure of Sensitive Information", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1650", }, { category: "external", summary: "RHBZ#2085307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085307", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1650", url: "https://www.cve.org/CVERecord?id=CVE-2022-1650", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", }, { category: "external", summary: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", url: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", }, ], release_date: "2022-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "eventsource: Exposure of Sensitive Information", }, { cve: "CVE-2022-2458", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2022-07-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107994", }, ], notes: [ { category: "description", text: "An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. 
Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.", title: "Vulnerability description", }, { category: "summary", text: "Business-central: Possible XML External Entity Injection attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2458", }, { category: "external", summary: "RHBZ#2107994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107994", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2458", url: "https://www.cve.org/CVERecord?id=CVE-2022-2458", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", }, ], release_date: "2022-07-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Business-central: Possible XML External Entity Injection attack", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-21724", cwe: { id: "CWE-665", name: "Improper Initialization", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050863", }, ], notes: [ { category: "description", text: "pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. 
There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", title: "Vulnerability summary", }, { category: "other", text: "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21724", }, { category: "external", summary: "RHBZ#2050863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21724", url: "https://www.cve.org/CVERecord?id=CVE-2022-21724", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", }, { category: "external", summary: "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", url: "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process 
before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. 
This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24771", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2022-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2067387", }, ], notes: [ { category: "description", text: "A flaw was found in the node-forge package. 
This signature verification leniency allows an attacker to forge a signature.", title: "Vulnerability description", }, { category: "summary", text: "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", title: "Vulnerability summary", }, { category: "other", text: "This flaw affects the DigestAlgorithm structure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24771", }, { category: "external", summary: "RHBZ#2067387", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067387", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24771", url: "https://www.cve.org/CVERecord?id=CVE-2022-24771", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", }, { category: "external", summary: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", url: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", }, ], release_date: "2022-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", }, { cve: "CVE-2022-24772", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2022-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2067458", }, ], notes: [ { category: "description", text: "A flaw was found in the node-forge package. 
This signature verification leniency allows an attacker to forge a signature.", title: "Vulnerability description", }, { category: "summary", text: "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", title: "Vulnerability summary", }, { category: "other", text: "This flaw affects the DigestInfo ASN.1 structure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24772", }, { category: "external", summary: "RHBZ#2067458", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067458", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24772", url: "https://www.cve.org/CVERecord?id=CVE-2022-24772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", }, { category: "external", summary: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", url: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", }, ], release_date: "2022-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. 
This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "RHPAM 7.13.1 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-26520", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2022-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064007", }, ], notes: [ { category: "description", text: "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.", title: "Vulnerability description", }, { category: "summary", text: "postgresql-jdbc: Arbitrary File Write Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat informs that although there's a difference from NVD CVSSv3 score there's a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it's needed. 
This require non-default configuration and also it's not expected to allow an untrusted user to perform this kind of setting.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-26520", }, { category: "external", summary: "RHBZ#2064007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064007", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-26520", url: "https://www.cve.org/CVERecord?id=CVE-2022-26520", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql-jdbc: Arbitrary File Write Vulnerability", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. 
However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: 
"external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, ], }
rhsa-2022:6813
Vulnerability from csaf_redhat
Published: 2022-10-05 10:44
Modified: 2025-03-31 10:29
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fix(es):
* chart.js: prototype pollution (CVE-2020-7746)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. 
A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed 
under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6813", url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2041833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041833", }, { category: "external", summary: "2044591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2050863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050863", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064007", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2067387", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067387", }, { category: "external", summary: "2067458", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067458", 
}, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2076133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076133", }, { category: "external", summary: "2085307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085307", }, { category: "external", summary: "2096966", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096966", }, { category: "external", summary: "2103584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103584", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2107994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107994", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update", tracking: { current_release_date: "2025-03-31T10:29:12+00:00", generator: { date: "2025-03-31T10:29:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:6813", initial_release_date: "2022-10-05T10:44:49+00:00", revision_history: [ { date: "2022-10-05T10:44:49+00:00", number: "1", summary: "Initial version", }, { date: "2022-10-05T10:44:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-31T10:29:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.1 async", product: { name: "RHPAM 7.13.1 async", product_id: "RHPAM 7.13.1 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process 
Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-7746", discovery_date: "2020-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2096966", }, ], notes: [ { category: "description", text: "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution.", title: "Vulnerability description", }, { category: "summary", text: "chart.js: prototype pollution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-7746", }, { category: "external", summary: "RHBZ#2096966", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096966", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-7746", url: "https://www.cve.org/CVERecord?id=CVE-2020-7746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", }, ], release_date: "2020-10-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chart.js: prototype pollution", }, { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. 
This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-23436", discovery_date: "2021-10-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041833", }, ], notes: [ { category: "description", text: "A prototype pollution flaw was found in the Node.js immer module. 
By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.", title: "Vulnerability description", }, { category: "summary", text: "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23436", }, { category: "external", summary: "RHBZ#2041833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041833", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23436", url: "https://www.cve.org/CVERecord?id=CVE-2021-23436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", }, ], release_date: "2021-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. 
It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { cve: "CVE-2022-0235", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2022-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044591", }, ], notes: [ { category: "description", text: "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", title: "Vulnerability description", }, { category: "summary", text: "node-fetch: exposure of sensitive information to an unauthorized actor", title: "Vulnerability summary", }, { category: "other", text: "This flaw is out of support scope for dotnet-5.0. 
For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0235", }, { category: "external", summary: "RHBZ#2044591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0235", url: "https://www.cve.org/CVERecord?id=CVE-2022-0235", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", }, { category: "external", summary: "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", url: "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", }, ], release_date: "2022-01-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-fetch: exposure of sensitive information to an unauthorized actor", }, { cve: "CVE-2022-0722", cwe: { id: "CWE-212", name: "Improper Removal of Sensitive Information Before Storage or Transfer", }, discovery_date: "2022-07-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2103584", }, ], notes: [ { category: "description", text: "A flaw was found in the parse-url package. 
Affected versions of this package are vulnerable to information exposure due to an improper validation issue.", title: "Vulnerability description", }, { category: "summary", text: "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0722", }, { category: "external", summary: "RHBZ#2103584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103584", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0722", url: "https://www.cve.org/CVERecord?id=CVE-2022-0722", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", }, { category: "external", summary: "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", url: "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", }, ], release_date: "2022-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", }, { cve: "CVE-2022-1365", cwe: { id: "CWE-359", name: "Exposure of Private Personal Information to an Unauthorized Actor", }, discovery_date: "2022-04-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2076133", }, ], notes: [ { category: "description", text: "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. 
This flaw allows an attacker to hijack the account as the cookie is leaked.", title: "Vulnerability description", }, { category: "summary", text: "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1365", }, { category: "external", summary: "RHBZ#2076133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1365", url: "https://www.cve.org/CVERecord?id=CVE-2022-1365", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", }, { category: "external", summary: "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", url: "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", }, ], release_date: "2022-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", }, { acknowledgments: [ { names: [ "Paulino Calderon", ], organization: "Websec", }, ], cve: "CVE-2022-1415", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2021-12-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065505", }, ], notes: [ { category: "description", text: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. 
This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", title: "Vulnerability description", }, { category: "summary", text: "drools: unsafe data deserialization in StreamUtils", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, { category: "external", summary: "RHBZ#2065505", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1415", url: "https://www.cve.org/CVERecord?id=CVE-2022-1415", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "drools: unsafe data deserialization in StreamUtils", }, { cve: "CVE-2022-1650", cwe: { id: "CWE-359", name: "Exposure of Private Personal Information to an Unauthorized Actor", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2085307", }, ], notes: [ { category: "description", text: "A flaw was found in the EventSource NPM Package. 
The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.", title: "Vulnerability description", }, { category: "summary", text: "eventsource: Exposure of Sensitive Information", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1650", }, { category: "external", summary: "RHBZ#2085307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085307", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1650", url: "https://www.cve.org/CVERecord?id=CVE-2022-1650", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", }, { category: "external", summary: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", url: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", }, ], release_date: "2022-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "eventsource: Exposure of Sensitive Information", }, { cve: "CVE-2022-2458", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2022-07-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107994", }, ], notes: [ { category: "description", text: "An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. 
Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.", title: "Vulnerability description", }, { category: "summary", text: "Business-central: Possible XML External Entity Injection attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2458", }, { category: "external", summary: "RHBZ#2107994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107994", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2458", url: "https://www.cve.org/CVERecord?id=CVE-2022-2458", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", }, ], release_date: "2022-07-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Business-central: Possible XML External Entity Injection attack", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-21724", cwe: { id: "CWE-665", name: "Improper Initialization", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050863", }, ], notes: [ { category: "description", text: "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. 
There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", title: "Vulnerability summary", }, { category: "other", text: "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21724", }, { category: "external", summary: "RHBZ#2050863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21724", url: "https://www.cve.org/CVERecord?id=CVE-2022-21724", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", }, { category: "external", summary: "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", url: "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process 
before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. 
This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24771", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2022-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2067387", }, ], notes: [ { category: "description", text: "A flaw was found in the node-forge package. 
This signature verification leniency allows an attacker to forge a signature.", title: "Vulnerability description", }, { category: "summary", text: "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", title: "Vulnerability summary", }, { category: "other", text: "This flaw affects the DigestAlgorithm structure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24771", }, { category: "external", summary: "RHBZ#2067387", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067387", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24771", url: "https://www.cve.org/CVERecord?id=CVE-2022-24771", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", }, { category: "external", summary: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", url: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", }, ], release_date: "2022-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", }, { cve: "CVE-2022-24772", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2022-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2067458", }, ], notes: [ { category: "description", text: "A flaw was found in the node-forge package. 
This signature verification leniency allows an attacker to forge a signature.", title: "Vulnerability description", }, { category: "summary", text: "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", title: "Vulnerability summary", }, { category: "other", text: "This flaw affects the DigestInfo ASN.1 structure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24772", }, { category: "external", summary: "RHBZ#2067458", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067458", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24772", url: "https://www.cve.org/CVERecord?id=CVE-2022-24772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", }, { category: "external", summary: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", url: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", }, ], release_date: "2022-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. 
This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "RHPAM 7.13.1 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-26520", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2022-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064007", }, ], notes: [ { category: "description", text: "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.", title: "Vulnerability description", }, { category: "summary", text: "postgresql-jdbc: Arbitrary File Write Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat informs that although there's a difference from NVD CVSSv3 score there's a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it's needed. 
This require non-default configuration and also it's not expected to allow an untrusted user to perform this kind of setting.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-26520", }, { category: "external", summary: "RHBZ#2064007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064007", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-26520", url: "https://www.cve.org/CVERecord?id=CVE-2022-26520", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql-jdbc: Arbitrary File Write Vulnerability", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. 
However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: 
"external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, ], }
RHSA-2022:6813
Vulnerability from csaf_redhat
Published
2022-10-05 10:44
Modified
2025-03-31 10:29
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fix(es):
* chart.js: prototype pollution (CVE-2020-7746)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. 
A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed 
under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6813", url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2041833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041833", }, { category: "external", summary: "2044591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2050863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050863", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064007", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "2067387", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067387", }, { category: "external", summary: "2067458", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067458", 
}, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2076133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076133", }, { category: "external", summary: "2085307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085307", }, { category: "external", summary: "2096966", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096966", }, { category: "external", summary: "2103584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103584", }, { category: "external", summary: "2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2107994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107994", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update", tracking: { current_release_date: "2025-03-31T10:29:12+00:00", generator: { date: "2025-03-31T10:29:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:6813", initial_release_date: "2022-10-05T10:44:49+00:00", revision_history: [ { date: "2022-10-05T10:44:49+00:00", number: "1", summary: "Initial version", }, { date: "2022-10-05T10:44:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-31T10:29:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.1 async", product: { name: "RHPAM 7.13.1 async", product_id: "RHPAM 7.13.1 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process 
Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-7746", discovery_date: "2020-10-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2096966", }, ], notes: [ { category: "description", text: "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution.", title: "Vulnerability description", }, { category: "summary", text: "chart.js: prototype pollution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-7746", }, { category: "external", summary: "RHBZ#2096966", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096966", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-7746", url: "https://www.cve.org/CVERecord?id=CVE-2020-7746", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", }, ], release_date: "2020-10-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chart.js: prototype pollution", }, { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. 
This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-23436", discovery_date: "2021-10-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041833", }, ], notes: [ { category: "description", text: "A prototype pollution flaw was found in the Node.js immer module. 
By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.", title: "Vulnerability description", }, { category: "summary", text: "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23436", }, { category: "external", summary: "RHBZ#2041833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041833", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23436", url: "https://www.cve.org/CVERecord?id=CVE-2021-23436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", }, ], release_date: "2021-09-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", }, { cve: "CVE-2021-44906", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2022-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066009", }, ], notes: [ { category: "description", text: "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", title: "Vulnerability description", }, { category: "summary", text: "minimist: prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. 
It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44906", }, { category: "external", summary: "RHBZ#2066009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44906", url: "https://www.cve.org/CVERecord?id=CVE-2021-44906", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", }, { category: "external", summary: "https://github.com/advisories/GHSA-xvch-5gv4-984h", url: "https://github.com/advisories/GHSA-xvch-5gv4-984h", }, ], release_date: "2022-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "minimist: prototype pollution", }, { cve: "CVE-2022-0235", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2022-01-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044591", }, ], notes: [ { category: "description", text: "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", title: "Vulnerability description", }, { category: "summary", text: "node-fetch: exposure of sensitive information to an unauthorized actor", title: "Vulnerability summary", }, { category: "other", text: "This flaw is out of support scope for dotnet-5.0. 
For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0235", }, { category: "external", summary: "RHBZ#2044591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0235", url: "https://www.cve.org/CVERecord?id=CVE-2022-0235", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", }, { category: "external", summary: "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", url: "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", }, ], release_date: "2022-01-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-fetch: exposure of sensitive information to an unauthorized actor", }, { cve: "CVE-2022-0722", cwe: { id: "CWE-212", name: "Improper Removal of Sensitive Information Before Storage or Transfer", }, discovery_date: "2022-07-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2103584", }, ], notes: [ { category: "description", text: "A flaw was found in the parse-url package. 
Affected versions of this package are vulnerable to information exposure due to an improper validation issue.", title: "Vulnerability description", }, { category: "summary", text: "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0722", }, { category: "external", summary: "RHBZ#2103584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103584", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0722", url: "https://www.cve.org/CVERecord?id=CVE-2022-0722", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", }, { category: "external", summary: "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", url: "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", }, ], release_date: "2022-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", }, { cve: "CVE-2022-1365", cwe: { id: "CWE-359", name: "Exposure of Private Personal Information to an Unauthorized Actor", }, discovery_date: "2022-04-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2076133", }, ], notes: [ { category: "description", text: "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. 
This flaw allows an attacker to hijack the account as the cookie is leaked.", title: "Vulnerability description", }, { category: "summary", text: "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1365", }, { category: "external", summary: "RHBZ#2076133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1365", url: "https://www.cve.org/CVERecord?id=CVE-2022-1365", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", }, { category: "external", summary: "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", url: "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", }, ], release_date: "2022-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", }, { acknowledgments: [ { names: [ "Paulino Calderon", ], organization: "Websec", }, ], cve: "CVE-2022-1415", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2021-12-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065505", }, ], notes: [ { category: "description", text: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. 
This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", title: "Vulnerability description", }, { category: "summary", text: "drools: unsafe data deserialization in StreamUtils", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, { category: "external", summary: "RHBZ#2065505", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1415", url: "https://www.cve.org/CVERecord?id=CVE-2022-1415", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", }, ], release_date: "2022-10-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "drools: unsafe data deserialization in StreamUtils", }, { cve: "CVE-2022-1650", cwe: { id: "CWE-359", name: "Exposure of Private Personal Information to an Unauthorized Actor", }, discovery_date: "2022-05-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2085307", }, ], notes: [ { category: "description", text: "A flaw was found in the EventSource NPM Package. 
The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.", title: "Vulnerability description", }, { category: "summary", text: "eventsource: Exposure of Sensitive Information", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1650", }, { category: "external", summary: "RHBZ#2085307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085307", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1650", url: "https://www.cve.org/CVERecord?id=CVE-2022-1650", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", }, { category: "external", summary: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", url: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", }, ], release_date: "2022-05-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "eventsource: Exposure of Sensitive Information", }, { cve: "CVE-2022-2458", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2022-07-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107994", }, ], notes: [ { category: "description", text: "An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. 
Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.", title: "Vulnerability description", }, { category: "summary", text: "Business-central: Possible XML External Entity Injection attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2458", }, { category: "external", summary: "RHBZ#2107994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107994", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2458", url: "https://www.cve.org/CVERecord?id=CVE-2022-2458", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", }, ], release_date: "2022-07-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Business-central: Possible XML External Entity Injection attack", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-21724", cwe: { id: "CWE-665", name: "Improper Initialization", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050863", }, ], notes: [ { category: "description", text: "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. 
There are no known workarounds for this issue.", title: "Vulnerability description", }, { category: "summary", text: "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", title: "Vulnerability summary", }, { category: "other", text: "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21724", }, { category: "external", summary: "RHBZ#2050863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21724", url: "https://www.cve.org/CVERecord?id=CVE-2022-21724", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", }, { category: "external", summary: "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", url: "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process 
before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. 
This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24771", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2022-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2067387", }, ], notes: [ { category: "description", text: "A flaw was found in the node-forge package. 
This signature verification leniency allows an attacker to forge a signature.", title: "Vulnerability description", }, { category: "summary", text: "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", title: "Vulnerability summary", }, { category: "other", text: "This flaw affects the DigestAlgorithm structure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24771", }, { category: "external", summary: "RHBZ#2067387", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067387", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24771", url: "https://www.cve.org/CVERecord?id=CVE-2022-24771", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", }, { category: "external", summary: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", url: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", }, ], release_date: "2022-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", }, { cve: "CVE-2022-24772", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, discovery_date: "2022-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2067458", }, ], notes: [ { category: "description", text: "A flaw was found in the node-forge package. 
This signature verification leniency allows an attacker to forge a signature.", title: "Vulnerability description", }, { category: "summary", text: "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", title: "Vulnerability summary", }, { category: "other", text: "This flaw affects the DigestInfo ASN.1 structure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24772", }, { category: "external", summary: "RHBZ#2067458", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067458", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24772", url: "https://www.cve.org/CVERecord?id=CVE-2022-24772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", }, { category: "external", summary: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", url: "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", }, ], release_date: "2022-03-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. 
After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. 
This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "RHPAM 7.13.1 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-26520", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2022-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064007", }, ], notes: [ { category: "description", text: "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.", title: "Vulnerability description", }, { category: "summary", text: "postgresql-jdbc: Arbitrary File Write Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat informs that although there's a difference from NVD CVSSv3 score there's a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it's needed. 
This require non-default configuration and also it's not expected to allow an untrusted user to perform this kind of setting.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-26520", }, { category: "external", summary: "RHBZ#2064007", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064007", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-26520", url: "https://www.cve.org/CVERecord?id=CVE-2022-26520", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. 
You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql-jdbc: Arbitrary File Write Vulnerability", }, { cve: "CVE-2022-31129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-07-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2105075", }, ], notes: [ { category: "description", text: "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "moment: inefficient parsing algorithm resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. 
However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.1 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "RHBZ#2105075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105075", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31129", url: "https://www.cve.org/CVERecord?id=CVE-2022-31129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", }, { category: 
"external", summary: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", }, ], release_date: "2022-07-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-05T10:44:49+00:00", details: "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", product_ids: [ "RHPAM 7.13.1 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6813", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.1 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "moment: inefficient parsing algorithm resulting in DoS", }, ], }
ghsa-m5q8-58wh-xxq4
Vulnerability from github
Published
2023-09-11 21:30
Modified
2024-05-03 20:22
Severity
Summary
Drools Core Deserialization of Untrusted Data vulnerability
Details
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
{ affected: [ { package: { ecosystem: "Maven", name: "org.drools:drools-core", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "7.69.0.Final", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2022-1415", ], database_specific: { cwe_ids: [ "CWE-502", ], github_reviewed: true, github_reviewed_at: "2023-09-12T13:53:19Z", nvd_published_at: "2023-09-11T21:15:41Z", severity: "MODERATE", }, details: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. ", id: "GHSA-m5q8-58wh-xxq4", modified: "2024-05-03T20:22:27Z", published: "2023-09-11T21:30:17Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { type: "WEB", url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, ], summary: "Drools Core Deserialization of Untrusted Data vulnerability", }
fkie_cve-2022-1415
Vulnerability from fkie_nvd
Published
2023-09-11 21:15
Modified
2024-11-21 06:40
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2022:6813 | Vendor Advisory
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-1415 | Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2065505 | Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2022:6813 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-1415 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2065505 | Issue Tracking, Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
redhat | decision_manager | 7.0
redhat | drools | 7.69.0
redhat | jboss_middleware_text-only_advisories | -
redhat | process_automation | 7.0
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", matchCriteriaId: "68146098-58F8-417E-B165-5182527117C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:drools:7.69.0:*:*:*:*:*:*:*", matchCriteriaId: "C63D3269-9F0C-44C4-AC56-FEBD51D5E780", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-:*:*:*:*:*:*:*", matchCriteriaId: "434B744A-9665-4340-B02D-7923FCB2B562", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "20A6B40D-F991-4712-8E30-5FE008505CB7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", }, { lang: "es", value: "Se encontró una falla en la que algunas clases de utilidad en el núcleo de Drools no usaban las medidas de seguridad adecuadas al deserializar datos. 
Esta falla permite a un atacante autenticado construir objetos serializados maliciosos (generalmente llamados gadgets) y lograr la ejecución de código en el servidor.", }, ], id: "CVE-2022-1415", lastModified: "2024-11-21T06:40:41.140", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-11T21:15:41.483", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2022:6813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-1415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=2065505", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.