cve-2022-3143
Vulnerability from cvelistv5
Published
2023-01-11 20:57
Modified
2024-08-03 01:00
Summary
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-3143 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-3143 | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
redhat.com | Wildfly-elytron | 1.15.15 ≤
rhsa-2023:0556
Vulnerability from csaf_redhat
Published
2023-01-31 13:18
Modified
2025-03-25 17:03
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, 
], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the 
tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", 
scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: 
"https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. 
The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { 
category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. 
Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", 
confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { 
category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: 
"2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later 
load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. 
By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. 
These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", 
confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", 
integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023:0552
Vulnerability from csaf_redhat
Published: 2023-01-31 13:15
Modified: 2025-03-25 16:59
Summary: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", }, { 
category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0552", url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: 
"1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23926", url: "https://issues.redhat.com/browse/JBEAP-23926", }, { category: 
"external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0552.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2025-03-25T16:59:18+00:00", generator: { date: "2025-03-25T16:59:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:0552", 
initial_release_date: "2023-01-31T13:15:22+00:00", revision_history: [ { date: "2023-01-31T13:15:22+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:15:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T16:59:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { 
name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product_id: 
"eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product_id: 
"eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: 
"eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", }, product_reference: 
"eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", }, 
product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, 
product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: 
"7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", 
product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat 
JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: 
"7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", }, 
product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x 
before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. 
Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. 
This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: 
"LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. 
This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been 
applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. 
The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: 
"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: 
"none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. 
This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. 
This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. 
An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ 
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", ], known_not_affected: [ ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ 
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ 
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of 
service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant 
to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. 
This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: 
"2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023_0556
Vulnerability from csaf_redhat
Published
2023-01-31 13:18
Modified
2024-12-16 02:19
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", }, { 
category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0556", url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: 
"external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0556.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security 
update", tracking: { current_release_date: "2024-12-16T02:19:57+00:00", generator: { date: "2024-12-16T02:19:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:0556", initial_release_date: "2023-01-31T13:18:26+00:00", revision_history: [ { date: "2023-01-31T13:18:26+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:18:26+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T02:19:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", 
title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { 
id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the 
data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: 
"2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: 
"https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this 
flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, 
], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the 
tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", 
scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: 
"https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. 
The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this 
update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: 
"3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: 
"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { 
category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: 
"2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later 
load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. 
By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. 
These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", 
confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", 
integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
RHSA-2023:4983
Vulnerability from csaf_redhat
Published
2023-09-05 18:37
Modified
2025-03-24 12:02
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of 
insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4983", url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1981527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981527", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2134872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134872", }, { category: "external", summary: "2137645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137645", }, { category: "external", summary: "2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { 
category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "2170644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170644", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "RHPAM-4639", url: "https://issues.redhat.com/browse/RHPAM-4639", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update", tracking: { current_release_date: "2025-03-24T12:02:54+00:00", generator: { date: "2025-03-24T12:02:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4983", initial_release_date: "2023-09-05T18:37:03+00:00", revision_history: [ { date: "2023-09-05T18:37:03+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-05T18:37:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-24T12:02:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.4 async", product: { name: "RHPAM 7.13.4 async", product_id: "RHPAM 7.13.4 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-30129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: 
"2021-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1981527", }, ], notes: [ { category: "description", text: "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-30129", }, { category: "external", summary: "RHBZ#1981527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981527", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-30129", url: "https://www.cve.org/CVERecord?id=CVE-2021-30129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-30129", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-30129", }, ], release_date: "2021-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], 
threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-3171", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2137645", }, ], notes: [ { category: "description", text: "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: timeout in parser leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3171", }, { category: "external", summary: "RHBZ#2137645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3171", url: "https://www.cve.org/CVERecord?id=CVE-2022-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3171", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", url: 
"https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", }, ], release_date: "2022-10-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: timeout in parser leads to DoS", }, { cve: "CVE-2022-3509", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184161", }, ], notes: [ { category: "description", text: "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. 
Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Textformat parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3509", }, { category: "external", summary: "RHBZ#2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Textformat parsing issue leads to DoS", }, { cve: "CVE-2022-3510", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184176", }, ], notes: [ { category: "description", text: "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3510", }, { category: "external", summary: "RHBZ#2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: 
"Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. 
This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 
async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. 
However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], 
threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-37599", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134872", }, ], notes: [ { category: "description", text: "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: regular expression denial of service in interpolateName.js", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. 
The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37599", }, { category: "external", summary: "RHBZ#2134872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37599", url: "https://www.cve.org/CVERecord?id=CVE-2022-37599", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", }, { category: "external", summary: "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", url: "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", }, { category: "external", summary: "https://github.com/webpack/loader-utils/issues/211", url: "https://github.com/webpack/loader-utils/issues/211", }, ], release_date: "2022-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread 
installation base, or stability.", product_ids: [ "RHPAM 7.13.4 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: regular expression denial of service in interpolateName.js", }, { cve: "CVE-2022-38900", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170644", }, ], notes: [ { category: "description", text: "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "decode-uri-component: improper input validation resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. 
\nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38900", }, { category: "external", summary: "RHBZ#2170644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170644", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38900", url: "https://www.cve.org/CVERecord?id=CVE-2022-38900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", }, { category: "external", summary: "https://github.com/SamVerschueren/decode-uri-component/issues/5", url: "https://github.com/SamVerschueren/decode-uri-component/issues/5", }, { category: "external", summary: "https://github.com/advisories/GHSA-w573-4hg7-7wgq", url: "https://github.com/advisories/GHSA-w573-4hg7-7wgq", }, ], release_date: "2022-11-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "decode-uri-component: improper input validation resulting in DoS", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: 
"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-42920", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2142707", }, ], notes: [ { category: "description", text: "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", title: "Vulnerability description", }, { category: "summary", text: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", title: "Vulnerability summary", }, { category: "other", text: "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42920", }, { category: "external", summary: "RHBZ#2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42920", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-42920", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", }, { category: "external", summary: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", url: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. 
An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, 
make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "RHPAM 7.13.4 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2023-0482", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2166004", }, ], notes: [ { category: "description", text: "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", title: "Vulnerability 
description", }, { category: "summary", text: "RESTEasy: creation of insecure temp files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0482", }, { category: "external", summary: "RHBZ#2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0482", url: "https://www.cve.org/CVERecord?id=CVE-2023-0482", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "RESTEasy: creation of insecure temp files", }, { cve: "CVE-2023-20860", cwe: { id: 
"CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. 
This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, 
baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", 
url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. 
Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: 
"NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, ], }
rhsa-2023:0553
Vulnerability from csaf_redhat
Published
2023-01-31 13:12
Modified
2025-03-25 16:59
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", 
}, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0553", url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", 
summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23927", url: "https://issues.redhat.com/browse/JBEAP-23927", }, { 
category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0553.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2025-03-25T16:59:28+00:00", generator: { date: "2025-03-25T16:59:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:0553", 
initial_release_date: "2023-01-31T13:12:13+00:00", revision_history: [ { date: "2023-01-31T13:12:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:12:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T16:59:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", 
product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product: { name: 
"eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as 
a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", 
product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { 
category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: 
"vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType 
option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability 
summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction:
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title:
"nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [
{ label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the 
data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", 
flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. 
If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: 
Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, 
refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. 
The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: 
"workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor 
details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. 
This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", 
integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: 
"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. 
Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ 
], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ 
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ 
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ 
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ 
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023_0553
Vulnerability from csaf_redhat
Published
2023-01-31 13:12
Modified
2024-12-16 02:20
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0553", url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", 
summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23927", url: "https://issues.redhat.com/browse/JBEAP-23927", }, { 
category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0553.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2024-12-16T02:20:24+00:00", generator: { date: "2024-12-16T02:20:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:0553", 
initial_release_date: "2023-01-31T13:12:13+00:00", revision_history: [ { date: "2023-01-31T13:12:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:12:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T02:20:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", 
product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product: { name: 
"eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as 
a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", 
product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { 
category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: 
"vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType 
option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability 
summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ 
{ label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the 
data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", 
flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. 
If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: 
Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, 
refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. 
\n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ 
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", 
}, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. 
Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, 
baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: 
"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. 
This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: 
"woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], 
notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, 
baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. 
Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
RHSA-2023:0556
Vulnerability from csaf_redhat
Published
2023-01-31 13:18
Modified
2025-03-25 17:03
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", }, { 
category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0556", url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: 
"external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0556.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security 
update", tracking: { current_release_date: "2025-03-25T17:03:00+00:00", generator: { date: "2025-03-25T17:03:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:0556", initial_release_date: "2023-01-31T13:18:26+00:00", revision_history: [ { date: "2023-01-31T13:18:26+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:18:26+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T17:03:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", 
title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { 
id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the 
data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: 
"2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: 
"https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this 
flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, 
], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the 
tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", 
scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: 
"https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. 
The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { 
category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. 
Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", 
confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { 
category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: 
"2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later 
load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. 
By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. 
These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", 
confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:18:26+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0556", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", 
integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023_0552
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2024-12-16 02:20
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", }, { 
category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0552", url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: 
"1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23926", url: "https://issues.redhat.com/browse/JBEAP-23926", }, { category: 
"external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0552.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2024-12-16T02:20:15+00:00", generator: { date: "2024-12-16T02:20:15+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:0552", 
initial_release_date: "2023-01-31T13:15:22+00:00", revision_history: [ { date: "2023-01-31T13:15:22+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:15:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T02:20:15+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { 
name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product_id: 
"eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product_id: 
"eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: 
"eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", }, product_reference: 
"eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", }, 
product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, 
product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: 
"7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", 
product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat 
JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: 
"7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", }, 
product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x 
before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. 
Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. 
This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: 
"LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying 
this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: 
"none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. 
This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. 
This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], known_not_affected: [ ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], 
scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], known_not_affected: [
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. 
An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], known_not_affected: [
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of 
service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant 
to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. 
This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: 
"2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023_4983
Vulnerability from csaf_redhat
Published
2023-09-05 18:37
Modified
2024-12-17 22:56
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of 
insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4983", url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1981527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981527", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2134872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134872", }, { category: "external", summary: "2137645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137645", }, { category: "external", summary: "2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { 
category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "2170644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170644", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "RHPAM-4639", url: "https://issues.redhat.com/browse/RHPAM-4639", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update", tracking: { current_release_date: "2024-12-17T22:56:41+00:00", generator: { date: "2024-12-17T22:56:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4983", initial_release_date: "2023-09-05T18:37:03+00:00", revision_history: [ { date: "2023-09-05T18:37:03+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-05T18:37:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T22:56:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.4 async", product: { name: "RHPAM 7.13.4 async", product_id: "RHPAM 7.13.4 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-30129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: 
"2021-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1981527", }, ], notes: [ { category: "description", text: "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-30129", }, { category: "external", summary: "RHBZ#1981527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981527", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-30129", url: "https://www.cve.org/CVERecord?id=CVE-2021-30129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-30129", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-30129", }, ], release_date: "2021-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], 
threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-3171", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2137645", }, ], notes: [ { category: "description", text: "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: timeout in parser leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3171", }, { category: "external", summary: "RHBZ#2137645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3171", url: "https://www.cve.org/CVERecord?id=CVE-2022-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3171", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", url: 
"https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", }, ], release_date: "2022-10-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: timeout in parser leads to DoS", }, { cve: "CVE-2022-3509", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184161", }, ], notes: [ { category: "description", text: "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. 
Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Textformat parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3509", }, { category: "external", summary: "RHBZ#2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Textformat parsing issue leads to DoS", }, { cve: "CVE-2022-3510", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184176", }, ], notes: [ { category: "description", text: "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3510", }, { category: "external", summary: "RHBZ#2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: 
"Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. 
This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 
async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. 
However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], 
threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-37599", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134872", }, ], notes: [ { category: "description", text: "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: regular expression denial of service in interpolateName.js", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. 
The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37599", }, { category: "external", summary: "RHBZ#2134872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37599", url: "https://www.cve.org/CVERecord?id=CVE-2022-37599", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", }, { category: "external", summary: "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", url: "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", }, { category: "external", summary: "https://github.com/webpack/loader-utils/issues/211", url: "https://github.com/webpack/loader-utils/issues/211", }, ], release_date: "2022-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread 
installation base, or stability.", product_ids: [ "RHPAM 7.13.4 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: regular expression denial of service in interpolateName.js", }, { cve: "CVE-2022-38900", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170644", }, ], notes: [ { category: "description", text: "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "decode-uri-component: improper input validation resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. 
\nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38900", }, { category: "external", summary: "RHBZ#2170644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170644", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38900", url: "https://www.cve.org/CVERecord?id=CVE-2022-38900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", }, { category: "external", summary: "https://github.com/SamVerschueren/decode-uri-component/issues/5", url: "https://github.com/SamVerschueren/decode-uri-component/issues/5", }, { category: "external", summary: "https://github.com/advisories/GHSA-w573-4hg7-7wgq", url: "https://github.com/advisories/GHSA-w573-4hg7-7wgq", }, ], release_date: "2022-11-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "decode-uri-component: improper input validation resulting in DoS", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: 
"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-42920", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2142707", }, ], notes: [ { category: "description", text: "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", title: "Vulnerability description", }, { category: "summary", text: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", title: "Vulnerability summary", }, { category: "other", text: "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42920", }, { category: "external", summary: "RHBZ#2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42920", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-42920", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", }, { category: "external", summary: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", url: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. 
An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, 
make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "RHPAM 7.13.4 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2023-0482", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2166004", }, ], notes: [ { category: "description", text: "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", title: "Vulnerability 
description", }, { category: "summary", text: "RESTEasy: creation of insecure temp files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0482", }, { category: "external", summary: "RHBZ#2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0482", url: "https://www.cve.org/CVERecord?id=CVE-2023-0482", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "RESTEasy: creation of insecure temp files", }, { cve: "CVE-2023-20860", cwe: { id: 
"CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. 
This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, 
baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", 
url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. 
Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: 
"NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, ], }
RHSA-2023:0553
Vulnerability from csaf_redhat
Published
2023-01-31 13:12
Modified
2025-03-25 16:59
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", 
}, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0553", url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", 
summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23927", url: "https://issues.redhat.com/browse/JBEAP-23927", }, { 
category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0553.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2025-03-25T16:59:28+00:00", generator: { date: "2025-03-25T16:59:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:0553", 
initial_release_date: "2023-01-31T13:12:13+00:00", revision_history: [ { date: "2023-01-31T13:12:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:12:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T16:59:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", 
product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product: { name: 
"eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as 
a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", 
product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { 
category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", 
relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: 
"vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType 
option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability 
summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ 
{ label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the 
data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", 
flags: [ { label: "vulnerable_code_not_present", product_ids: [ ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. 
If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ 
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ 
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ 
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ 
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ 
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: 
Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, 
refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. 
The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: 
"workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor 
details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash.
This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE",
integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: 
"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. 
Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:12:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", 
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0553", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch", 
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023:0554
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2025-03-25 16:59
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new JSONObject(map) causes StackOverflowError which may lead to DoS (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", 
}, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0554", url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", 
summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23928", url: "https://issues.redhat.com/browse/JBEAP-23928", }, { 
category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0554.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2025-03-25T16:59:08+00:00", generator: { date: "2025-03-25T16:59:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:0554", 
initial_release_date: "2023-01-31T13:15:23+00:00", revision_history: [ { date: "2023-01-31T13:15:23+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:15:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T16:59:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product: { name: 
"eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product: { name: 
"eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: 
"product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { 
purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as 
a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", 
product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { 
category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: 
"vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType 
option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability 
summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ 
{ label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the 
data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", 
flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. 
If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: 
Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, 
refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. 
The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: 
"workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor 
details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. 
This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", 
integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: 
"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. 
Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
RHSA-2023:0554
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2025-03-25 16:59
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in the map is the map itself, new JSONObject(map) causes a StackOverflowError, which may lead to DoS (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", 
}, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0554", url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", 
summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23928", url: "https://issues.redhat.com/browse/JBEAP-23928", }, { 
category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0554.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2025-03-25T16:59:08+00:00", generator: { date: "2025-03-25T16:59:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:0554", 
initial_release_date: "2023-01-31T13:15:23+00:00", revision_history: [ { date: "2023-01-31T13:15:23+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:15:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T16:59:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product: { name: 
"eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product: { name: 
"eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: 
"product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { 
purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as 
a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", 
product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { 
category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: 
"vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType 
option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability 
summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", 
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction:
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title:
"nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [
{ label: "vulnerable_code_not_present", product_ids: [ ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the 
data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", 
flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. 
If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: 
Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, 
refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. 
The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: 
"workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor 
details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. 
This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", 
integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: 
"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. 
Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023_0554
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2024-12-16 02:20
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", 
}, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0554", url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", 
summary: "1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23928", url: "https://issues.redhat.com/browse/JBEAP-23928", }, { 
category: "external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0554.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2024-12-16T02:20:06+00:00", generator: { date: "2024-12-16T02:20:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:0554", 
initial_release_date: "2023-01-31T13:15:23+00:00", revision_history: [ { date: "2023-01-31T13:15:23+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:15:23+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T02:20:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product: { name: 
"eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product: { name: 
"eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: 
"product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { 
purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as 
a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: 
"eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", 
product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { 
category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", 
relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: 
"vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType 
option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", 
integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability 
summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ 
{ label: "vulnerable_code_not_present", product_ids: [
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the 
data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: 
"bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", 
flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. 
If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: 
Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, 
refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. 
\n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ 
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", 
}, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. 
Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, 
baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: 
"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. 
This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: 
"woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], 
notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, 
baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. 
Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. 
The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:23+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", 
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0554", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch", 
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
rhsa-2023:4983
Vulnerability from csaf_redhat
Published
2023-09-05 18:37
Modified
2025-03-24 12:02
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of 
insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4983", url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1981527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981527", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2134872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134872", }, { category: "external", summary: "2137645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137645", }, { category: "external", summary: "2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { 
category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "2170644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170644", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "RHPAM-4639", url: "https://issues.redhat.com/browse/RHPAM-4639", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json", }, ], title: "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update", tracking: { current_release_date: "2025-03-24T12:02:54+00:00", generator: { date: "2025-03-24T12:02:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4983", initial_release_date: "2023-09-05T18:37:03+00:00", revision_history: [ { date: "2023-09-05T18:37:03+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-05T18:37:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-24T12:02:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHPAM 7.13.4 async", product: { name: "RHPAM 7.13.4 async", product_id: "RHPAM 7.13.4 async", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", }, }, }, ], category: "product_family", name: "Red Hat Process Automation Manager", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-30129", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: 
"2021-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1981527", }, ], notes: [ { category: "description", text: "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-30129", }, { category: "external", summary: "RHBZ#1981527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981527", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-30129", url: "https://www.cve.org/CVERecord?id=CVE-2021-30129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-30129", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-30129", }, ], release_date: "2021-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], 
threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-3171", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2137645", }, ], notes: [ { category: "description", text: "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: timeout in parser leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3171", }, { category: "external", summary: "RHBZ#2137645", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137645", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3171", url: "https://www.cve.org/CVERecord?id=CVE-2022-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3171", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", url: 
"https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", }, ], release_date: "2022-10-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: timeout in parser leads to DoS", }, { cve: "CVE-2022-3509", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184161", }, ], notes: [ { category: "description", text: "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. 
Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Textformat parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3509", }, { category: "external", summary: "RHBZ#2184161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Textformat parsing issue leads to DoS", }, { cve: "CVE-2022-3510", cwe: { id: "CWE-915", name: "Improperly Controlled Modification of Dynamically-Determined Object Attributes", }, discovery_date: "2022-12-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184176", }, ], notes: [ { category: "description", text: "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", title: "Vulnerability description", }, { category: "summary", text: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3510", }, { category: "external", summary: "RHBZ#2184176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184176", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", }, ], release_date: "2022-12-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: 
"Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "protobuf-java: Message-Type Extensions parsing issue leads to DoS", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. 
This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 
async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. 
However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], 
threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-37599", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134872", }, ], notes: [ { category: "description", text: "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).", title: "Vulnerability description", }, { category: "summary", text: "loader-utils: regular expression denial of service in interpolateName.js", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. 
The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37599", }, { category: "external", summary: "RHBZ#2134872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37599", url: "https://www.cve.org/CVERecord?id=CVE-2022-37599", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", }, { category: "external", summary: "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", url: "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", }, { category: "external", summary: "https://github.com/webpack/loader-utils/issues/211", url: "https://github.com/webpack/loader-utils/issues/211", }, ], release_date: "2022-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread 
installation base, or stability.", product_ids: [ "RHPAM 7.13.4 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "loader-utils: regular expression denial of service in interpolateName.js", }, { cve: "CVE-2022-38900", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170644", }, ], notes: [ { category: "description", text: "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "decode-uri-component: improper input validation resulting in DoS", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. 
\nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38900", }, { category: "external", summary: "RHBZ#2170644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170644", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38900", url: "https://www.cve.org/CVERecord?id=CVE-2022-38900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", }, { category: "external", summary: "https://github.com/SamVerschueren/decode-uri-component/issues/5", url: "https://github.com/SamVerschueren/decode-uri-component/issues/5", }, { category: "external", summary: "https://github.com/advisories/GHSA-w573-4hg7-7wgq", url: "https://github.com/advisories/GHSA-w573-4hg7-7wgq", }, ], release_date: "2022-11-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "decode-uri-component: improper input validation resulting in DoS", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: 
"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-42920", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2142707", }, ], notes: [ { category: "description", text: "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", title: "Vulnerability description", }, { category: "summary", text: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", title: "Vulnerability summary", }, { category: "other", text: "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42920", }, { category: "external", summary: "RHBZ#2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42920", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-42920", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", }, { category: "external", summary: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", url: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. 
An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, 
make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "RHPAM 7.13.4 async", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2023-0482", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-01-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2166004", }, ], notes: [ { category: "description", text: "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", title: "Vulnerability 
description", }, { category: "summary", text: "RESTEasy: creation of insecure temp files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0482", }, { category: "external", summary: "RHBZ#2166004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0482", url: "https://www.cve.org/CVERecord?id=CVE-2023-0482", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "RESTEasy: creation of insecure temp files", }, { cve: "CVE-2023-20860", cwe: { id: 
"CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. 
This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, 
baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", 
url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. 
Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHPAM 7.13.4 async", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-05T18:37:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHPAM 7.13.4 async", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4983", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: 
"NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHPAM 7.13.4 async", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, ], }
RHSA-2023:0552
Vulnerability from csaf_redhat
Published: 2023-01-31 13:15
Modified: 2025-03-25 16:59
Summary: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)", title: "Details", }, { 
category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0552", url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: 
"1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "JBEAP-23864", url: "https://issues.redhat.com/browse/JBEAP-23864", }, { category: "external", summary: "JBEAP-23865", url: "https://issues.redhat.com/browse/JBEAP-23865", }, { category: "external", summary: "JBEAP-23866", url: "https://issues.redhat.com/browse/JBEAP-23866", }, { category: "external", summary: "JBEAP-23926", url: "https://issues.redhat.com/browse/JBEAP-23926", }, { category: 
"external", summary: "JBEAP-24055", url: "https://issues.redhat.com/browse/JBEAP-24055", }, { category: "external", summary: "JBEAP-24081", url: "https://issues.redhat.com/browse/JBEAP-24081", }, { category: "external", summary: "JBEAP-24095", url: "https://issues.redhat.com/browse/JBEAP-24095", }, { category: "external", summary: "JBEAP-24100", url: "https://issues.redhat.com/browse/JBEAP-24100", }, { category: "external", summary: "JBEAP-24127", url: "https://issues.redhat.com/browse/JBEAP-24127", }, { category: "external", summary: "JBEAP-24128", url: "https://issues.redhat.com/browse/JBEAP-24128", }, { category: "external", summary: "JBEAP-24132", url: "https://issues.redhat.com/browse/JBEAP-24132", }, { category: "external", summary: "JBEAP-24147", url: "https://issues.redhat.com/browse/JBEAP-24147", }, { category: "external", summary: "JBEAP-24167", url: "https://issues.redhat.com/browse/JBEAP-24167", }, { category: "external", summary: "JBEAP-24191", url: "https://issues.redhat.com/browse/JBEAP-24191", }, { category: "external", summary: "JBEAP-24195", url: "https://issues.redhat.com/browse/JBEAP-24195", }, { category: "external", summary: "JBEAP-24207", url: "https://issues.redhat.com/browse/JBEAP-24207", }, { category: "external", summary: "JBEAP-24248", url: "https://issues.redhat.com/browse/JBEAP-24248", }, { category: "external", summary: "JBEAP-24426", url: "https://issues.redhat.com/browse/JBEAP-24426", }, { category: "external", summary: "JBEAP-24427", url: "https://issues.redhat.com/browse/JBEAP-24427", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0552.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", tracking: { current_release_date: "2025-03-25T16:59:18+00:00", generator: { date: "2025-03-25T16:59:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:0552", 
initial_release_date: "2023-01-31T13:15:22+00:00", revision_history: [ { date: "2023-01-31T13:15:22+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-31T13:15:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-25T16:59:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: 
"eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { 
name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product_id: 
"eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product_id: 
"eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: 
"eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_id: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_id: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product_id: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: 
"eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { 
category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: 
"pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_id: 
"eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: 
"eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", }, product_reference: 
"eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: 
"eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", }, 
product_reference: "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", }, 
product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", }, product_reference: "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: 
"eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: 
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: 
"7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", 
product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", }, product_reference: "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat 
JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: 
"7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", }, 
product_reference: "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-11-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1399546", }, ], notes: [ { category: "description", text: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting via cross-domain ajax requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-9251", }, { category: "external", summary: "RHBZ#1399546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1399546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-9251", url: "https://www.cve.org/CVERecord?id=CVE-2015-9251", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", }, ], release_date: "2015-06-27T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting via cross-domain ajax requests", }, { cve: "CVE-2016-10735", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-01-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1668097", }, ], notes: [ { category: "description", text: "In Bootstrap 3.x 
before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the data-target attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10735", }, { category: "external", summary: "RHBZ#1668097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1668097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10735", url: "https://www.cve.org/CVERecord?id=CVE-2016-10735", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10735", }, ], release_date: "2016-06-27T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the data-target attribute", }, { cve: "CVE-2017-18214", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553413", }, ], notes: [ { category: "description", text: "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-moment: Regular expression denial of service", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. 
Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18214", }, { category: "external", summary: "RHBZ#1553413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18214", url: "https://www.cve.org/CVERecord?id=CVE-2017-18214", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18214", }, ], release_date: "2017-09-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-moment: Regular expression denial of service", }, { cve: "CVE-2018-14040", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601614", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14040", }, { category: "external", summary: "RHBZ#1601614", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601614", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14040", url: "https://www.cve.org/CVERecord?id=CVE-2018-14040", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", }, { cve: "CVE-2018-14041", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601616", }, ], notes: [ { category: "description", text: "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. 
This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14041", }, { category: "external", summary: "RHBZ#1601616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14041", url: "https://www.cve.org/CVERecord?id=CVE-2018-14041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy", }, { cve: "CVE-2018-14042", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2018-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601617", }, ], notes: [ { category: "description", text: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-14042", }, { category: "external", summary: "RHBZ#1601617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601617", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-14042", url: "https://www.cve.org/CVERecord?id=CVE-2018-14042", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", }, ], release_date: "2018-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", }, { cve: "CVE-2019-8331", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-02-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1686454", }, ], notes: [ { category: "description", text: "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: XSS in the tooltip or popover data-template attribute", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. 
Older Red Hat CloudForms versions don't use the vulnerable component at all.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-8331", }, { category: "external", summary: "RHBZ#1686454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1686454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-8331", url: "https://www.cve.org/CVERecord?id=CVE-2019-8331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", }, ], release_date: "2019-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: 
"LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "bootstrap: XSS in the tooltip or popover data-template attribute", }, { cve: "CVE-2019-11358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2019-03-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1701972", }, ], notes: [ { category: "description", text: "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11358", }, { category: "external", summary: "RHBZ#1701972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1701972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11358", url: "https://www.cve.org/CVERecord?id=CVE-2019-11358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", }, { category: "external", summary: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { category: "external", summary: "https://www.drupal.org/sa-core-2019-006", url: "https://www.drupal.org/sa-core-2019-006", }, ], release_date: "2019-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", }, { cve: "CVE-2020-11022", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-04-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1828406", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability exists in JQuery. 
This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", title: "Vulnerability summary", }, { category: "other", text: "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11022", }, { category: "external", summary: "RHBZ#1828406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1828406", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11022", url: "https://www.cve.org/CVERecord?id=CVE-2020-11022", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", }, { category: "external", summary: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", url: "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", }, ], release_date: "2020-04-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been 
applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", }, { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. 
The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: 
"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2022-3143", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, discovery_date: "2022-09-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2124682", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attacks via use of unsafe comparator", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, { category: "external", summary: "RHBZ#2124682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3143", url: "https://www.cve.org/CVERecord?id=CVE-2022-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", }, ], release_date: "2022-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: 
"none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attacks via use of unsafe comparator", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. 
This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. 
This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. 
This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. 
This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. 
An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. 
\n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of 
service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant 
to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. 
This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: 
"2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-31T13:15:22+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", 
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0552", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch", 
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, ], }
gsd-2022-3143
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
Aliases
{ GSD: { alias: "CVE-2022-3143", id: "GSD-2022-3143", references: [ "https://access.redhat.com/errata/RHSA-2023:0552", "https://access.redhat.com/errata/RHSA-2023:0553", "https://access.redhat.com/errata/RHSA-2023:0554", "https://access.redhat.com/errata/RHSA-2023:0556", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-3143", ], details: "wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", id: "GSD-2022-3143", modified: "2023-12-13T01:19:40.556999Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-3143", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wildfly-elytron", version: { version_data: [ { version_affected: "=", version_value: "1.15.15", }, ], }, }, ], }, vendor_name: "redhat.com", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. 
This flaw allows an attacker to access secure information or impersonate an authed user.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/security/cve/CVE-2022-3143", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "(,1.15.15.Final),[1.16.0.CR1,1.20.3.Final)", affected_versions: "All versions before 1.15.15.final, all versions starting from 1.16.0.cr1 before 1.20.3.final", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2023-01-13", description: "wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", fixed_versions: [ "1.15.15.Final", "1.20.3.Final", ], identifier: "CVE-2022-3143", identifiers: [ "GHSA-jmj6-p2j9-68cp", "CVE-2022-3143", ], not_impacted: "All versions starting from 1.15.15.final before 1.16.0.cr1, all versions starting from 1.20.3.final", package_slug: "maven/org.wildfly.security/wildfly-elytron", pubdate: "2023-01-13", solution: "Upgrade to versions 1.15.15.Final, 1.20.3.Final or above.", title: "Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", "https://access.redhat.com/security/cve/CVE-2022-3143", "https://bugzilla.redhat.com/show_bug.cgi?id=2124682", "https://github.com/advisories/GHSA-jmj6-p2j9-68cp", ], uuid: "d25c178e-2139-4e9d-8b10-351272601b58", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:a:redhat:wildfly_elytron:1.15.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-3143", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-203", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/security/cve/CVE-2022-3143", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-3143", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, }, }, lastModifiedDate: "2023-01-25T20:38Z", publishedDate: "2023-01-13T06:15Z", }, }, }
wid-sec-w-2023-0239
Vulnerability from csaf_certbund
Published
2023-01-31 23:00
Modified
2024-02-28 23:00
Summary
Red Hat JBoss Enterprise Application Platform: Multiple Vulnerabilities
Notes
BSI, as the provider, is responsible under the general laws for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
JBoss Enterprise Application Platform is a scalable platform for Java applications, including JBoss Application Server, JBoss Hibernate and JBoss Seam.
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform to execute arbitrary code, carry out a cross-site scripting attack, disclose information, cause a denial of service condition, or bypass security measures.
Affected operating systems
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0239 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0239.json", }, { category: "self", summary: "WID-SEC-2023-0239 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0239", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0552 vom 2023-01-31", url: "https://access.redhat.com/errata/RHSA-2023:0552", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0553 vom 2023-01-31", url: 
"https://access.redhat.com/errata/RHSA-2023:0553", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0554 vom 2023-01-31", url: "https://access.redhat.com/errata/RHSA-2023:0554", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0556 vom 2023-01-31", url: "https://access.redhat.com/errata/RHSA-2023:0556", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0560 vom 2023-02-08", url: "https://access.redhat.com/errata/RHSA-2023:0560", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0713 vom 2023-02-09", url: "https://access.redhat.com/errata/RHSA-2023:0713", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1044", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1043", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1049", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1047", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02", url: "https://access.redhat.com/errata/RHSA-2023:1045", }, { category: "external", summary: "F5 Security Advisory K48382137 vom 2023-04-21", url: "https://my.f5.com/manage/s/article/K48382137", }, { category: "external", summary: "F5 Security Advisory K05380109 vom 2023-04-20", url: "https://my.f5.com/manage/s/article/K05380109", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3223 vom 2023-05-18", url: "https://access.redhat.com/errata/RHSA-2023:3223", }, { category: "external", summary: "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23", url: 
"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05", url: "https://access.redhat.com/errata/RHSA-2023:4983", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2023-143 vom 2023-10-03", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-143/index.html", }, { category: "external", summary: "Dell Security Advisory DSA-2023-409 vom 2023-12-23", url: "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28", url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], source_lang: "en-US", title: "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen", tracking: { current_release_date: "2024-02-28T23:00:00.000+00:00", generator: { date: "2024-08-15T17:42:48.458+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0239", initial_release_date: "2023-01-31T23:00:00.000+00:00", revision_history: [ { date: "2023-01-31T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-02-08T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-09T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-01T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-04-20T22:00:00.000+00:00", number: "5", summary: "Neue Updates von F5 aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-22T22:00:00.000+00:00", number: "7", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2023-09-05T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: 
"2023-10-03T22:00:00.000+00:00", number: "9", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2023-12-26T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-02-28T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "11", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "F5 BIG-IP", product: { name: "F5 BIG-IP", product_id: "T001663", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:-", }, }, }, ], category: "vendor", name: "F5", }, { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, { category: "product_version_range", name: "< Common Services 10.9.3-00", product: { name: "Hitachi Ops Center < Common Services 10.9.3-00", product_id: "T030195", }, }, ], category: "product_name", name: "Ops Center", }, ], category: "vendor", name: "Hitachi", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version_range", name: "Streams < 2.4.0", product: { name: "Red Hat JBoss A-MQ Streams < 2.4.0", product_id: "T027764", }, }, ], category: "product_name", name: "JBoss A-MQ", }, { branches: [ { category: "product_version_range", name: "< 7.4.9", product: { name: "Red Hat JBoss Enterprise Application Platform < 7.4.9", product_id: "T026073", }, }, ], category: "product_name", name: "JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "container platform 4.0.51", product: { name: "Red Hat OpenShift container platform 4.0.51", product_id: "T026183", product_identification_helper: { cpe: 
"cpe:/a:redhat:openshift:container_platform_4.0.51", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-9251", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2015-9251", }, { cve: "CVE-2016-10735", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2016-10735", }, { cve: "CVE-2017-18214", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2017-18214", }, { cve: "CVE-2018-14040", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2018-14040", }, { cve: "CVE-2018-14041", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2018-14041", }, { cve: "CVE-2018-14042", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. 
Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2018-14042", }, { cve: "CVE-2019-11358", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2019-11358", }, { cve: "CVE-2019-8331", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2019-8331", }, { cve: "CVE-2020-11022", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2020-11022", }, { cve: "CVE-2020-11023", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2020-11023", }, { cve: "CVE-2022-3143", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. 
Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-3143", }, { cve: "CVE-2022-40149", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-40149", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. 
Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-45047", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-45047", }, { cve: "CVE-2022-45693", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-45693", }, { cve: "CVE-2022-46364", notes: [ { category: "description", text: "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T026183", "67646", "T001663", "T027764", "T030195", "T017562", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-46364", }, ], }
WID-SEC-W-2023-0239
Vulnerability from csaf_certbund
Published
2023-01-31 23:00
Modified
2024-02-28 23:00
Summary
Red Hat JBoss Enterprise Application Platform: Multiple Vulnerabilities
Notes
BSI, as the provider, is responsible under the general laws for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
JBoss Enterprise Application Platform is a scalable platform for Java applications, including JBoss Application Server, JBoss Hibernate and JBoss Seam.
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform to execute arbitrary code, carry out a cross-site scripting attack, disclose information, cause a denial of service condition, or bypass security measures.
Affected operating systems
- Linux
fkie_cve-2022-3143
Vulnerability from fkie_nvd
Published
2023-01-13 06:15
Modified
2024-11-21 07:18
Severity ?
Summary
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-3143 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-3143 | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
redhat | wildfly_elytron | 1.15.15
redhat | jboss_enterprise_application_platform | 7.0.0
ghsa-jmj6-p2j9-68cp
Vulnerability from github
Published
2023-01-13 06:30
Modified
2023-01-25 21:37
Severity ?
Summary
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
Details
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.